Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Quassel Security Vulnerabilities

cve
cve

CVE-2021-34825

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local...

7.5CVSS

7.3AI Score

0.002EPSS

2021-06-17 02:15 PM
53
cve
cve

CVE-2018-1000178

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to execute code...

9.8CVSS

9.6AI Score

0.016EPSS

2018-05-08 03:29 PM
62
cve
cve

CVE-2018-1000179

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of...

7.5CVSS

8.1AI Score

0.004EPSS

2018-05-08 03:29 PM
65
cve
cve

CVE-2016-4414

The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake...

7.5CVSS

7.1AI Score

0.027EPSS

2016-06-13 07:59 PM
28
cve
cve

CVE-2015-8547

The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a...

7.5CVSS

7.2AI Score

0.028EPSS

2016-01-08 07:59 PM
20
cve
cve

CVE-2015-3427

Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for...

7.4AI Score

0.001EPSS

2015-05-14 02:59 PM
35
cve
cve

CVE-2015-2779

Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted...

6.4AI Score

0.042EPSS

2015-04-10 03:00 PM
24
cve
cve

CVE-2015-2778

Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte...

6.8AI Score

0.023EPSS

2015-04-10 03:00 PM
29
cve
cve

CVE-2011-3354

The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September...

6.2AI Score

0.038EPSS

2011-10-04 10:55 AM
24