AVG-737 log
Package | znc |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 1.7.0-2 |
Fixed | 1.7.1-1 |
Current |
1.9.1-4 [extra-testing] 1.9.1-3 [extra] |
Ticket | None |
Created | Wed Jul 18 12:19:29 2018 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2018-14056 | Medium | Yes | Directory traversal | ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user can set web skin name to ../ to access files outside of the intended skins... |
CVE-2018-14055 | High | Yes | Privilege escalation | ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate privilege, inject rogue... |
Date | Advisory | Package | Type |
---|---|---|---|
19 Jul 2018 | ASA-201807-11 | znc | multiple issues |
References |
---|
https://wiki.znc.in/ChangeLog/1.7.1 |