Skip to main content

Atheme

5 CVEs product

Monthly

CVE-2024-27508 HIGH POC This Week

Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Atheme
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2017-6384 HIGH PATCH This Week

Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Atheme
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-4478 HIGH This Week

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Leap Opensuse Atheme +1
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2014-9773 HIGH PATCH This Week

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Leap Opensuse Atheme
NVD GitHub
CVSS 3.0
7.5
EPSS
0.4%
CVE-2012-1576 MEDIUM This Month

The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Atheme
NVD
CVSS 2.0
6.0
EPSS
1.4%
EPSS 1% CVSS 7.5
HIGH POC This Week

Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Atheme
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Atheme
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Leap +3
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Leap Opensuse +1
NVD GitHub
EPSS 1% CVSS 6.0
MEDIUM This Month

The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Atheme
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy