Vulnerabilities > Quassel IRC > Quassel > 0.7.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-17 | CVE-2021-34825 | Cleartext Transmission of Sensitive Information vulnerability in multiple products Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system. | 7.5 |
2016-06-13 | CVE-2016-4414 | Remote Denial Of Service vulnerability in Quassel The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data. | 5.0 |
2016-01-08 | CVE-2015-8547 | Code vulnerability in multiple products The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. | 5.0 |
2015-05-14 | CVE-2015-3427 | SQL Injection vulnerability in multiple products Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. | 7.5 |
2015-04-10 | CVE-2015-2779 | Resource Management Errors vulnerability in Quassel-Irc Quassel Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage. | 5.0 |
2015-04-10 | CVE-2015-2778 | Resource Management Errors vulnerability in Quassel-Irc Quassel Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters. | 5.0 |