znc

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description An IRC bouncer with modules & scripts support
Version 1.7.5-3 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-737 1.7.0-2 1.7.1-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2018-14056 AVG-737 Medium Yes Directory traversal
ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user can set web skin name to ../ to access files outside of the intended skins...
CVE-2018-14055 AVG-737 High Yes Privilege escalation
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate privilege, inject rogue...

Advisories

Date Advisory Group Severity Description
19 Jul 2018 ASA-201807-11 AVG-737 High multiple issues