23 matches found
CVE-2026-32810
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
SUSE CVE-2026-32733
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
SUSE CVE-2026-32810
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-32733
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-32810
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-32810 Halloy has insecure file permissions on credential files
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-32810 Halloy has insecure file permissions on credential files
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-32810
Halloy is an IRC app written in Rust. Before commit f180e41061db393acf65bc99f5c5e7397586d9cb, Halloy creates its config directory and files with default umask permissions (typically 0644 files, 0755 dirs), allowing any local user to read plaintext credentials in config.toml or referenced password...
CVE-2026-32810 Halloy has insecure file permissions on credential files
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-32810
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-32810
Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...
CVE-2026-32733
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-32733 Halloy has a file transfer path traveral vulnerability
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-32733 Halloy has a file transfer path traveral vulnerability
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-32733 Halloy has a file transfer path traveral vulnerability
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-32733
Halloy is an IRC application written in Rust. Prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6, the DCC receive flow did not sanitize filenames from incoming DCC SEND requests. A remote IRC user could send a filename with path traversal sequences like ../../.ssh/authorizedkeys and the fil...
CVE-2026-32733
Halloy (IRC app in Rust) contained a path-traversal flaw in the DCC receive flow prior to commit 0f77b2cfc5f822517a256ea5a4b94bad8bfe38b6. A remote user could send a DCC SEND filename with path traversal sequences (e.g., ../../.ssh/authorized_keys) and the file could be written outside the user’s...
Halloy 路径遍历漏洞
Halloy is a cross-platform IRC client developed by Squidowl. Halloy has a path traversal vulnerability, which stems from the lack of cleaning of file names during the DCC reception process. This vulnerability may lead to path traversal and arbitrary file writing...
PT-2026-26688
Halloy is an IRC application written in Rust. In versions on nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any loc...
Halloy 安全漏洞
Halloy is a cross-platform IRC client developed by Squidowl. There is a security vulnerability in Halloy, which stems from improper configuration file permission settings, potentially allowing local users to read plaintext credentials...