Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for quassel_irc by quassel-irc

    CVE-2014-8483 (GCVE-0-2014-8483)

    Vulnerability from nvd – Published: 2014-11-06 15:00 – Updated: 2024-08-06 13:18
    VLAI
    Summary
    The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/61932 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-1… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2401-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/62261 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-3063 vendor-advisoryx_refsource_DEBIAN
    http://bugs.quassel-irc.org/issues/1314 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2015-0… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2014/dsa-3068 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/62035 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-1… vendor-advisoryx_refsource_SUSE
    https://github.com/quassel/quassel/commit/8b5ecd2… x_refsource_CONFIRM
    Date Public
    2014-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:18:48.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "61932",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61932"
              },
              {
                "name": "openSUSE-SU-2014:1406",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
              },
              {
                "name": "USN-2401-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2401-1"
              },
              {
                "name": "62261",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/62261"
              },
              {
                "name": "DSA-3063",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3063"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.quassel-irc.org/issues/1314"
              },
              {
                "name": "openSUSE-SU-2015:0573",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
              },
              {
                "name": "DSA-3068",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3068"
              },
              {
                "name": "62035",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/62035"
              },
              {
                "name": "openSUSE-SU-2014:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-03-25T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "61932",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61932"
            },
            {
              "name": "openSUSE-SU-2014:1406",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
            },
            {
              "name": "USN-2401-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2401-1"
            },
            {
              "name": "62261",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/62261"
            },
            {
              "name": "DSA-3063",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3063"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.quassel-irc.org/issues/1314"
            },
            {
              "name": "openSUSE-SU-2015:0573",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
            },
            {
              "name": "DSA-3068",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3068"
            },
            {
              "name": "62035",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/62035"
            },
            {
              "name": "openSUSE-SU-2014:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-8483",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "61932",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61932"
                },
                {
                  "name": "openSUSE-SU-2014:1406",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
                },
                {
                  "name": "USN-2401-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2401-1"
                },
                {
                  "name": "62261",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/62261"
                },
                {
                  "name": "DSA-3063",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3063"
                },
                {
                  "name": "http://bugs.quassel-irc.org/issues/1314",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.quassel-irc.org/issues/1314"
                },
                {
                  "name": "openSUSE-SU-2015:0573",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
                },
                {
                  "name": "DSA-3068",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3068"
                },
                {
                  "name": "62035",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/62035"
                },
                {
                  "name": "openSUSE-SU-2014:1382",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
                },
                {
                  "name": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-8483",
        "datePublished": "2014-11-06T15:00:00.000Z",
        "dateReserved": "2014-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:18:48.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6404 (GCVE-0-2013-6404)

    Vulnerability from nvd – Published: 2013-12-09 11:00 – Updated: 2024-08-06 17:39
    VLAI
    Summary
    Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/quassel/quassel/commit/a1a24da x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2013-1… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2013/11/28/8 mailing-listx_refsource_MLIST
    http://quassel-irc.org/node/123 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/55640 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://osvdb.org/100432 vdb-entryx_refsource_OSVDB
    Date Public
    2013-11-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:01.300Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/quassel/quassel/commit/a1a24da"
              },
              {
                "name": "openSUSE-SU-2013:1929",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
              },
              {
                "name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://quassel-irc.org/node/123"
              },
              {
                "name": "quasselirc-cve20136404-sec-bypass(89377)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
              },
              {
                "name": "55640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55640"
              },
              {
                "name": "openSUSE-SU-2014:0114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
              },
              {
                "name": "100432",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/100432"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users\u0027 backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/quassel/quassel/commit/a1a24da"
            },
            {
              "name": "openSUSE-SU-2013:1929",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
            },
            {
              "name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://quassel-irc.org/node/123"
            },
            {
              "name": "quasselirc-cve20136404-sec-bypass(89377)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
            },
            {
              "name": "55640",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55640"
            },
            {
              "name": "openSUSE-SU-2014:0114",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
            },
            {
              "name": "100432",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/100432"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-6404",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users\u0027 backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/quassel/quassel/commit/a1a24da",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/quassel/quassel/commit/a1a24da"
                },
                {
                  "name": "openSUSE-SU-2013:1929",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
                },
                {
                  "name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
                },
                {
                  "name": "http://quassel-irc.org/node/123",
                  "refsource": "CONFIRM",
                  "url": "http://quassel-irc.org/node/123"
                },
                {
                  "name": "quasselirc-cve20136404-sec-bypass(89377)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
                },
                {
                  "name": "55640",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/55640"
                },
                {
                  "name": "openSUSE-SU-2014:0114",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
                },
                {
                  "name": "100432",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/100432"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6404",
        "datePublished": "2013-12-09T11:00:00.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:01.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3443 (GCVE-0-2010-3443)

    Vulnerability from nvd – Published: 2013-11-23 11:00 – Updated: 2024-08-07 03:11
    VLAI
    Summary
    ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://git.quassel-irc.org/?p=quassel.git%3Ba=com… x_refsource_CONFIRM
    http://bugs.quassel-irc.org/issues/1023 x_refsource_CONFIRM
    http://bugs.quassel-irc.org/issues/1024 x_refsource_CONFIRM
    http://secunia.com/advisories/55581 third-party-advisoryx_refsource_SECUNIA
    http://ubuntu.com/usn/usn-991-1 vendor-advisoryx_refsource_UBUNTU
    http://quassel-irc.org/node/115 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-201311-03.xml vendor-advisoryx_refsource_GENTOO
    Date Public
    2013-11-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:11:43.740Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.quassel-irc.org/?p=quassel.git%3Ba=commitdiff%3Bh=a4ca568cdf68cf4a0343eb161518dc8e50cea87d"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.quassel-irc.org/issues/1023"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.quassel-irc.org/issues/1024"
              },
              {
                "name": "55581",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55581"
              },
              {
                "name": "USN-991-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-991-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://quassel-irc.org/node/115"
              },
              {
                "name": "GLSA-201311-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.quassel-irc.org/?p=quassel.git%3Ba=commitdiff%3Bh=a4ca568cdf68cf4a0343eb161518dc8e50cea87d"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.quassel-irc.org/issues/1023"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.quassel-irc.org/issues/1024"
            },
            {
              "name": "55581",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55581"
            },
            {
              "name": "USN-991-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-991-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://quassel-irc.org/node/115"
            },
            {
              "name": "GLSA-201311-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-3443",
        "datePublished": "2013-11-23T11:00:00.000Z",
        "dateReserved": "2010-09-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:11:43.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4422 (GCVE-0-2013-4422)

    Vulnerability from nvd – Published: 2013-10-23 15:00 – Updated: 2024-08-06 16:45
    VLAI
    Summary
    SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://quassel-irc.org/node/120 x_refsource_CONFIRM
    http://secunia.com/advisories/55194 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/55581 third-party-advisoryx_refsource_SECUNIA
    http://bugs.quassel-irc.org/issues/1244 x_refsource_CONFIRM
    http://seclists.org/oss-sec/2013/q4/74 mailing-listx_refsource_MLIST
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://security.gentoo.org/glsa/glsa-201311-03.xml vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/62923 vdb-entryx_refsource_BID
    Date Public
    2013-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:45:13.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://quassel-irc.org/node/120"
              },
              {
                "name": "55194",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55194"
              },
              {
                "name": "55581",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55581"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.quassel-irc.org/issues/1244"
              },
              {
                "name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2013/q4/74"
              },
              {
                "name": "quasselirc-backslash-sql-injection(87805)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805"
              },
              {
                "name": "GLSA-201311-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
              },
              {
                "name": "62923",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/62923"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \\ (backslash) in a message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://quassel-irc.org/node/120"
            },
            {
              "name": "55194",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55194"
            },
            {
              "name": "55581",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55581"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.quassel-irc.org/issues/1244"
            },
            {
              "name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2013/q4/74"
            },
            {
              "name": "quasselirc-backslash-sql-injection(87805)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805"
            },
            {
              "name": "GLSA-201311-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
            },
            {
              "name": "62923",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/62923"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4422",
        "datePublished": "2013-10-23T15:00:00.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:45:13.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8483 (GCVE-0-2014-8483)

    Vulnerability from cvelistv5 – Published: 2014-11-06 15:00 – Updated: 2024-08-06 13:18
    VLAI
    Summary
    The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/61932 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-1… vendor-advisoryx_refsource_SUSE
    http://www.ubuntu.com/usn/USN-2401-1 vendor-advisoryx_refsource_UBUNTU
    http://secunia.com/advisories/62261 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-3063 vendor-advisoryx_refsource_DEBIAN
    http://bugs.quassel-irc.org/issues/1314 x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2015-0… vendor-advisoryx_refsource_SUSE
    http://www.debian.org/security/2014/dsa-3068 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/62035 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-1… vendor-advisoryx_refsource_SUSE
    https://github.com/quassel/quassel/commit/8b5ecd2… x_refsource_CONFIRM
    Date Public
    2014-09-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:18:48.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "61932",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61932"
              },
              {
                "name": "openSUSE-SU-2014:1406",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
              },
              {
                "name": "USN-2401-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2401-1"
              },
              {
                "name": "62261",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/62261"
              },
              {
                "name": "DSA-3063",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3063"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.quassel-irc.org/issues/1314"
              },
              {
                "name": "openSUSE-SU-2015:0573",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
              },
              {
                "name": "DSA-3068",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-3068"
              },
              {
                "name": "62035",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/62035"
              },
              {
                "name": "openSUSE-SU-2014:1382",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-03-25T12:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "61932",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61932"
            },
            {
              "name": "openSUSE-SU-2014:1406",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
            },
            {
              "name": "USN-2401-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2401-1"
            },
            {
              "name": "62261",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/62261"
            },
            {
              "name": "DSA-3063",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3063"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.quassel-irc.org/issues/1314"
            },
            {
              "name": "openSUSE-SU-2015:0573",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
            },
            {
              "name": "DSA-3068",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-3068"
            },
            {
              "name": "62035",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/62035"
            },
            {
              "name": "openSUSE-SU-2014:1382",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-8483",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "61932",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61932"
                },
                {
                  "name": "openSUSE-SU-2014:1406",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html"
                },
                {
                  "name": "USN-2401-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2401-1"
                },
                {
                  "name": "62261",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/62261"
                },
                {
                  "name": "DSA-3063",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3063"
                },
                {
                  "name": "http://bugs.quassel-irc.org/issues/1314",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.quassel-irc.org/issues/1314"
                },
                {
                  "name": "openSUSE-SU-2015:0573",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"
                },
                {
                  "name": "DSA-3068",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-3068"
                },
                {
                  "name": "62035",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/62035"
                },
                {
                  "name": "openSUSE-SU-2014:1382",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00028.html"
                },
                {
                  "name": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-8483",
        "datePublished": "2014-11-06T15:00:00.000Z",
        "dateReserved": "2014-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:18:48.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6404 (GCVE-0-2013-6404)

    Vulnerability from cvelistv5 – Published: 2013-12-09 11:00 – Updated: 2024-08-06 17:39
    VLAI
    Summary
    Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/quassel/quassel/commit/a1a24da x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-updates/2013-1… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2013/11/28/8 mailing-listx_refsource_MLIST
    http://quassel-irc.org/node/123 x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/55640 third-party-advisoryx_refsource_SECUNIA
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://osvdb.org/100432 vdb-entryx_refsource_OSVDB
    Date Public
    2013-11-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:01.300Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/quassel/quassel/commit/a1a24da"
              },
              {
                "name": "openSUSE-SU-2013:1929",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
              },
              {
                "name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://quassel-irc.org/node/123"
              },
              {
                "name": "quasselirc-cve20136404-sec-bypass(89377)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
              },
              {
                "name": "55640",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55640"
              },
              {
                "name": "openSUSE-SU-2014:0114",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
              },
              {
                "name": "100432",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/100432"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users\u0027 backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/quassel/quassel/commit/a1a24da"
            },
            {
              "name": "openSUSE-SU-2013:1929",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
            },
            {
              "name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://quassel-irc.org/node/123"
            },
            {
              "name": "quasselirc-cve20136404-sec-bypass(89377)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
            },
            {
              "name": "55640",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55640"
            },
            {
              "name": "openSUSE-SU-2014:0114",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
            },
            {
              "name": "100432",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/100432"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2013-6404",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users\u0027 backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/quassel/quassel/commit/a1a24da",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/quassel/quassel/commit/a1a24da"
                },
                {
                  "name": "openSUSE-SU-2013:1929",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00092.html"
                },
                {
                  "name": "[oss-security] 20131127 Re: CVE Request: Quassel IRC - manipulated clients can access backlog of all users on a shared core",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/11/28/8"
                },
                {
                  "name": "http://quassel-irc.org/node/123",
                  "refsource": "CONFIRM",
                  "url": "http://quassel-irc.org/node/123"
                },
                {
                  "name": "quasselirc-cve20136404-sec-bypass(89377)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89377"
                },
                {
                  "name": "55640",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/55640"
                },
                {
                  "name": "openSUSE-SU-2014:0114",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00078.html"
                },
                {
                  "name": "100432",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/100432"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6404",
        "datePublished": "2013-12-09T11:00:00.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:01.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3443 (GCVE-0-2010-3443)

    Vulnerability from cvelistv5 – Published: 2013-11-23 11:00 – Updated: 2024-08-07 03:11
    VLAI
    Summary
    ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://git.quassel-irc.org/?p=quassel.git%3Ba=com… x_refsource_CONFIRM
    http://bugs.quassel-irc.org/issues/1023 x_refsource_CONFIRM
    http://bugs.quassel-irc.org/issues/1024 x_refsource_CONFIRM
    http://secunia.com/advisories/55581 third-party-advisoryx_refsource_SECUNIA
    http://ubuntu.com/usn/usn-991-1 vendor-advisoryx_refsource_UBUNTU
    http://quassel-irc.org/node/115 x_refsource_CONFIRM
    http://security.gentoo.org/glsa/glsa-201311-03.xml vendor-advisoryx_refsource_GENTOO
    Date Public
    2013-11-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T03:11:43.740Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.quassel-irc.org/?p=quassel.git%3Ba=commitdiff%3Bh=a4ca568cdf68cf4a0343eb161518dc8e50cea87d"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.quassel-irc.org/issues/1023"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.quassel-irc.org/issues/1024"
              },
              {
                "name": "55581",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55581"
              },
              {
                "name": "USN-991-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://ubuntu.com/usn/usn-991-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://quassel-irc.org/node/115"
              },
              {
                "name": "GLSA-201311-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-11-23T18:10:04.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.quassel-irc.org/?p=quassel.git%3Ba=commitdiff%3Bh=a4ca568cdf68cf4a0343eb161518dc8e50cea87d"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.quassel-irc.org/issues/1023"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.quassel-irc.org/issues/1024"
            },
            {
              "name": "55581",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55581"
            },
            {
              "name": "USN-991-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://ubuntu.com/usn/usn-991-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://quassel-irc.org/node/115"
            },
            {
              "name": "GLSA-201311-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-3443",
        "datePublished": "2013-11-23T11:00:00.000Z",
        "dateReserved": "2010-09-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T03:11:43.740Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4422 (GCVE-0-2013-4422)

    Vulnerability from cvelistv5 – Published: 2013-10-23 15:00 – Updated: 2024-08-06 16:45
    VLAI
    Summary
    SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://quassel-irc.org/node/120 x_refsource_CONFIRM
    http://secunia.com/advisories/55194 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/55581 third-party-advisoryx_refsource_SECUNIA
    http://bugs.quassel-irc.org/issues/1244 x_refsource_CONFIRM
    http://seclists.org/oss-sec/2013/q4/74 mailing-listx_refsource_MLIST
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://security.gentoo.org/glsa/glsa-201311-03.xml vendor-advisoryx_refsource_GENTOO
    http://www.securityfocus.com/bid/62923 vdb-entryx_refsource_BID
    Date Public
    2013-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:45:13.900Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://quassel-irc.org/node/120"
              },
              {
                "name": "55194",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55194"
              },
              {
                "name": "55581",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55581"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.quassel-irc.org/issues/1244"
              },
              {
                "name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2013/q4/74"
              },
              {
                "name": "quasselirc-backslash-sql-injection(87805)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805"
              },
              {
                "name": "GLSA-201311-03",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
              },
              {
                "name": "62923",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/62923"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \\ (backslash) in a message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://quassel-irc.org/node/120"
            },
            {
              "name": "55194",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55194"
            },
            {
              "name": "55581",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55581"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.quassel-irc.org/issues/1244"
            },
            {
              "name": "[oss-security] 20131010 Re: CVE Request - Quassel IRC SQL injection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2013/q4/74"
            },
            {
              "name": "quasselirc-backslash-sql-injection(87805)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87805"
            },
            {
              "name": "GLSA-201311-03",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-201311-03.xml"
            },
            {
              "name": "62923",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/62923"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-4422",
        "datePublished": "2013-10-23T15:00:00.000Z",
        "dateReserved": "2013-06-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:45:13.900Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }