parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| proton | energymech_irc_bot | 2.8.1 |
| proton | energymech_irc_bot | 2.8.5.1 |
| proton | energymech_irc_bot | 3.0.1 |
| proton | energymech_irc_bot | 2.8.2 |
| proton | energymech_irc_bot | 2.8.4 |
| proton | energymech_irc_bot | 2.9.4_dev |
| proton | energymech_irc_bot | 2.99.79 |
| proton | energymech_irc_bot | 2.8.3 |
| proton | energymech_irc_bot | 3.0 |
| proton | energymech_irc_bot | 2.8 |
| proton | energymech_irc_bot | 2.8.5 |
ProtonVPN 1.26.0 contains an unquoted service path vulnerability in its WireGuard service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path by placing malicious executables in specific file system locations to gain elevated privileges during service startup.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| disclosure@vulncheck.com | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| proton | protonvpn | 1.26.0 |
ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| proton | protonvpn | * |