znc
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | An IRC bouncer with modules & scripts support |
| Version | 1.10.1-3 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-737 | 1.7.0-2 | 1.7.1-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-14056 | AVG-737 | Medium | Yes | Directory traversal | ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user can set web skin name to ../ to access files outside of the intended skins... |
| CVE-2018-14055 | AVG-737 | High | Yes | Privilege escalation | ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate privilege, inject rogue... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 19 Jul 2018 | ASA-201807-11 | AVG-737 | High | multiple issues |