rpm package
opensuse/znc&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/znc&distro=openSUSE%20Tumbleweed
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-39844 | Cri | 9.8 | | < 1.9.1-1.1 | 1.9.1-1.1 | Jul 3, 2024 | In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. |
| CVE-2020-1377 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Aug 17, 2020 | An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit t |
| CVE-2019-12816 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Jun 15, 2019 | Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. |
| CVE-2019-9917 | — | | | < 1.8.2-1.11 | 1.8.2-1.11 | Mar 27, 2019 | ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. |
| CVE-2018-14056 | Med | 5.3 | | < 1.8.2-1.11 | 1.8.2-1.11 | Jul 15, 2018 | ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. |
| CVE-2018-14055 | Med | 6.5 | | < 1.8.2-1.11 | 1.8.2-1.11 | Jul 15, 2018 | ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. |
| CVE-2014-9043 | — | | | < 1.6.3-2.6 | 1.6.3-2.6 | Feb 4, 2015 | The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. |
| CVE-2012-0033 | — | | | < 1.6.3-2.6 | 1.6.3-2.6 | Apr 8, 2014 | The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bouncedcc module in ZNC 0.200 and 0.202 allows remote attackers to cause a denial of service (crash) via a crafted DCC RESUME request. |