CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2010-2488
https://notcve.org/view.php?id=CVE-2010-2488
NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections. Una vulnerabilidad de desreferencia del puntero NULL en ZNC versiones anteriores a 0.092, causada por estadísticas de tráfico cuando se presentan conexiones no autenticadas. • https://access.redhat.com/security/cve/cve-2010-2488 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929 https://security-tracker.debian.org/tracker/CVE-2010-2488 https://wiki.znc.in/ChangeLog/0.092 • CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-12816
https://notcve.org/view.php?id=CVE-2019-12816
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. El archivo Modules.cpp en ZNC anterior a versión 1.7.4-rc1 permite a los usuarios remotos no administradores y autenticados, escalar privilegios y ejecutar código arbitrario mediante la carga de un módulo con un nombre creado. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00018.html https://github.com/znc/znc/commit/8de9e376ce531fe7f3c8b0aa4876d15b479b7311 https://github.com/znc/znc/compare/be1b6bc...d1997d6 https://lists.debian.org/debian-lts-announce/2019/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4O24TQOB73X57GACLZVMRVUK4UKHLE5G https://lists.fedoraproject.org/archives/list/package • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 5EXPL: 0CVE-2019-9917
https://notcve.org/view.php?id=CVE-2019-9917
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. ZNC, en versiones anteriores a la 1.7.3-rc1, permite que un usuario remoto existente provoque una denegación de servicio (cierre inesperado) mediante el cifrado inválido. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00018.html https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WTRBTPL7WWKQ7DZ2ALDTCGYUWSE6SL3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRHCMHI44AW5CJ22WV676BKFUWWCLA7T https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedor • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14055
https://notcve.org/view.php?id=CVE-2018-14055
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. ZNC en versiones anteriores a la 1.7.1-rc1 no valida correctamente las líneas no fiables provenientes de la red, lo que permite que un usuario que no es administrador escale sus privilegios e inyecte valores no autorizados en znc.conf. • https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d https://security.gentoo.org/glsa/201807-03 https://www.debian.org/security/2018/dsa-4252 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14056
https://notcve.org/view.php?id=CVE-2018-14056
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. ZNC en versiones anteriores a la 1.7.1-rc1 es propenso a un error de salto de directorio mediante ../ en un nombre de skin web para acceder a archivos fuera del directorio skins planeado. • https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773 https://security.gentoo.org/glsa/201807-03 https://www.debian.org/security/2018/dsa-4252 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •