VYPR

rpm package

opensuse/znc&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/znc&distro=openSUSE%20Tumbleweed

Vulnerabilities (8)

  • CVE-2024-39844CriJul 3, 2024
    affected < 1.9.1-1.1fixed 1.9.1-1.1

    In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.

  • CVE-2020-1377Aug 17, 2020
    affected < 1.8.2-1.11fixed 1.8.2-1.11

    An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit t

  • CVE-2019-12816Jun 15, 2019
    affected < 1.8.2-1.11fixed 1.8.2-1.11

    Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.

  • CVE-2019-9917Mar 27, 2019
    affected < 1.8.2-1.11fixed 1.8.2-1.11

    ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.

  • CVE-2018-14056MedJul 15, 2018
    affected < 1.8.2-1.11fixed 1.8.2-1.11

    ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

  • CVE-2018-14055MedJul 15, 2018
    affected < 1.8.2-1.11fixed 1.8.2-1.11

    ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

  • CVE-2014-9043Feb 4, 2015
    affected < 1.6.3-2.6fixed 1.6.3-2.6

    The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.

  • CVE-2012-0033Apr 8, 2014
    affected < 1.6.3-2.6fixed 1.6.3-2.6

    The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bouncedcc module in ZNC 0.200 and 0.202 allows remote attackers to cause a denial of service (crash) via a crafted DCC RESUME request.