AVG-737 log

Package	znc
Status	Fixed
Severity	High
Type	multiple issues
Affected	1.7.0-2
Fixed	1.7.1-1
Current	1.10.1-3 [extra]
Ticket	None
Created	Wed Jul 18 12:19:29 2018

Issue	Severity	Remote	Type	Description
CVE-2018-14056	Medium	Yes	Directory traversal	ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user can set web skin name to ../ to access files outside of the intended skins...
CVE-2018-14055	High	Yes	Privilege escalation	ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate privilege, inject rogue...

Issue

Severity

Remote

Type

Description

CVE-2018-14056

Medium

Yes

Directory traversal

ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user can set web skin name to ../ to access files outside of the intended skins...

CVE-2018-14055

High

Yes

Privilege escalation

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate privilege, inject rogue...

Date	Advisory	Package	Type
19 Jul 2018	ASA-201807-11	znc	multiple issues

References
https://wiki.znc.in/ChangeLog/1.7.1