Vulnerabilities > Unrealircd > Unrealircd > 3.2.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-23 | CVE-2017-13649 | Improper Initialization vulnerability in Unrealircd UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. | 2.1 |
2017-01-18 | CVE-2016-7144 | Improper Authentication vulnerability in Unrealircd The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | 6.8 |
2014-05-19 | CVE-2013-7384 | Unspecified vulnerability in Unrealircd 3.2.10/3.2.10.1 UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. | 5.0 |
2014-05-19 | CVE-2013-6413 | Resource Management Errors vulnerability in Unrealircd 3.2.10/3.2.10.1 Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | 5.0 |