Ircu
Products
2- 9 CVEs
- 2 CVEs
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-10266 | Hig | 0.53 | 8.1 | 0.00 | Apr 6, 2020 | UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily… | ||
| CVE-2020-10290 | Med | 0.44 | 6.8 | 0.00 | Aug 21, 2020 | Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate… | ||
| CVE-2008-1501 | 0.03 | — | 0.05 | Mar 25, 2008 | The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command. | |||
| CVE-2007-4409 | 0.00 | — | 0.01 | Aug 18, 2007 | Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives. | |||
| CVE-2007-4410 | 0.00 | — | 0.01 | Aug 18, 2007 | ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops. | |||
| CVE-2007-4405 | 0.00 | — | 0.02 | Aug 18, 2007 | ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels). | |||
| CVE-2007-4408 | 0.00 | — | 0.01 | Aug 18, 2007 | ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking. | |||
| CVE-2007-4411 | 0.00 | — | 0.01 | Aug 18, 2007 | ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies. | |||
| CVE-2007-4404 | 0.00 | — | 0.02 | Aug 18, 2007 | ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel"… | |||
| CVE-2007-4407 | 0.00 | — | 0.01 | Aug 18, 2007 | ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the… | |||
| CVE-2007-4406 | 0.00 | — | 0.01 | Aug 18, 2007 | ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split. |
- risk 0.53cvss 8.1epss 0.00
UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots. When installing any of these components in the robots (e.g. in the UR10), no integrity checks are performed. Moreover, the SDK for making such components can be easily…
- risk 0.44cvss 6.8epss 0.00
Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video. In our PoC we demonstrate…
- CVE-2008-1501Mar 25, 2008risk 0.03cvss —epss 0.05
The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command.
- CVE-2007-4409Aug 18, 2007risk 0.00cvss —epss 0.01
Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives.
- CVE-2007-4410Aug 18, 2007risk 0.00cvss —epss 0.01
ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops.
- CVE-2007-4405Aug 18, 2007risk 0.00cvss —epss 0.02
ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by creating a large number of unused channels (zannels).
- CVE-2007-4408Aug 18, 2007risk 0.00cvss —epss 0.01
ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking.
- CVE-2007-4411Aug 18, 2007risk 0.00cvss —epss 0.01
ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies.
- CVE-2007-4404Aug 18, 2007risk 0.00cvss —epss 0.02
ircu 2.10.12.01 allows remote attackers to (1) cause a denial of service (flood wallops) by joining two channels with certain long names that differ in the final character, which triggers a protocol violation and (2) cause a denial of service (daemon crash) via a "J 0:#channel"…
- CVE-2007-4407Aug 18, 2007risk 0.00cvss —epss 0.01
ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops privilege on an unused channel (zannel), which allows remote attackers to (1) set or remove certain channel modes via a "netriding" attack or (2) take over a channel by joining an unlinked server with the…
- CVE-2007-4406Aug 18, 2007risk 0.00cvss —epss 0.01
ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after a join from a server with an older timestamp (TS), which allows remote attackers to gain control of a channel during a split.