CVSS: 4.3EPSS: 3%CPEs: 14EXPL: 0CVE-2013-7049
https://notcve.org/view.php?id=CVE-2013-7049
Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-msvc) 0.206 and earlier, allows remote attackers to cause a denial of service (crash) via a long string in a DH1080_INIT message. Desbordamiento de búfer basado en pila en fish.cpp en el plugin Fish para ZNC, tal como se utiliza en ZNC para Windows (znc-msvc) v0.206 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída) a través de una larga cadena en un mensaje DH1080_INIT. • http://osvdb.org/100859 http://seclists.org/oss-sec/2013/q4/482 http://seclists.org/oss-sec/2013/q4/489 http://www.securityfocus.com/bid/64254 https://code.google.com/p/znc-msvc https://exchange.xforce.ibmcloud.com/vulnerabilities/89671 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 28%CPEs: 1EXPL: 0CVE-2010-2812
https://notcve.org/view.php?id=CVE-2010-2812
Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument. Cliente.cpp en ZNC v0.092 permite a atacantes remotos causar una denegación de servicio (execpción y parada del demonio) a través de un comando PING que carece de argumento. • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045385.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045386.html http://marc.info/?l=oss-security&m=128146120727810&w=2 http://marc.info/?l=oss-security&m=128146352011964&w=2 http://marc.info/?l=oss-security&m=128152390219401&w=2 http://secunia.com/advisories/40919 http://secunia.com/advisories/40970 http://www.securityfocus.com/bid/42314 http://www.vupen.com/english/advisories/20 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 0CVE-2010-2934
https://notcve.org/view.php?id=CVE-2010-2934
Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to "unsafe substr() calls." Múltiples vulnerabilidades no especificadas en ZNC v0.092 permite a atacantes remotos causar una denegación de servicio (excepción y parada del demonio) a través de vectores desconocidos relacionados con "llamadas substr() no seguras." • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045385.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045386.html http://marc.info/?l=oss-security&m=128146120727810&w=2 http://marc.info/?l=oss-security&m=128146352011964&w=2 http://marc.info/?l=oss-security&m=128152390219401&w=2 http://secunia.com/advisories/40919 http://secunia.com/advisories/40970 http://www.securityfocus.com/bid/42314 http://www.vupen.com/english/advisories/20 •
CVSS: 3.5EPSS: 0%CPEs: 23EXPL: 0CVE-2010-2448
https://notcve.org/view.php?id=CVE-2010-2448
znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell. znc.cpp en ZNC antes de v0.092 permite a los usuarios remotos autenticados causar una denegación de servicio (caida de la aplicación) al solicitar las estadísticas de tráfico cuando hay una conexión activa no autenticada, lo que desencadena una referencia a un puntero NULL, como se ha demostrado usando (1) un enlace de tráfico en la páginas web de administración o (2) el comando traffic en la shell /znc. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043043.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043044.html http://secunia.com/advisories/40523 http://sourceforge.net/projects/znc/files/znc/0.092/znc-0.092-changelog.txt/view http://www.debian.org/security/2010/dsa-2069 http://www.securityfocus.com/bid&#x •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2009-2658
https://notcve.org/view.php?id=CVE-2009-2658
Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request. Vulnerabilidad de salto de directorio en ZNC anterior a v0.072 permite a atacantes remotos sobrescribir ficheros de su elección a través de una petición DCC SEND manipulada. • http://en.znc.in/w/index.php?title=ZNC&oldid=3209#WARNING http://en.znc.in/wiki/ChangeLog/0.072 http://secunia.com/advisories/35916 http://www.debian.org/security/2009/dsa-1848 http://www.openwall.com/lists/oss-security/2009/07/21/5 http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00965.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •