Debian Znc vulnerabilities

14 known vulnerabilities affecting debian/znc.

Total CVEs

14

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH2MEDIUM9LOW2

Vulnerabilities

Page 1 of 1

CVE-2024-39844CRITICALCVSS 9.8fixed in znc 1.8.2-3.1+deb12u1 (bookworm)2024

CVE-2024-39844 [CRITICAL] CVE-2024-39844: znc - In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. Scope: local bookworm: resolved (fixed in 1.8.2-3.1+deb12u1) bullseye: resolved (fixed in 1.8.2-2+deb11u1) forky: resolved (fixed in 1.9.1-1) sid: resolved (fixed in 1.9.1-1) trixie: resolved (fixed in 1.9.1-1)

CVE-2020-13775MEDIUMCVSS 6.5fixed in znc 1.8.1-1 (bookworm)2020

CVE-2020-13775 [MEDIUM] CVE-2020-13775: znc - ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application c... ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. Scope: local bookworm: resolved (fixed in 1.8.1-1) bullseye: resolved (fixed in 1.8.1-1) forky: resolved (fixed in 1.8.1-1) sid: resolved (fixed in 1.8.1-1) trixie: resolved (fixed in 1.8.1-1)

CVE-2019-12816HIGHCVSS 8.8fixed in znc 1.7.2-3 (bookworm)2019

CVE-2019-12816 [HIGH] CVE-2019-12816: znc - Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users ... Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. Scope: local bookworm: resolved (fixed in 1.7.2-3) bullseye: resolved (fixed in 1.7.2-3) forky: resolved (fixed in 1.7.2-3) sid: resolved (fixed in 1.7.2-3) trixie: resolved (fixed in 1.7.2-3)

CVE-2019-9917MEDIUMCVSS 6.5fixed in znc 1.7.2-2 (bookworm)2019

CVE-2019-9917 [MEDIUM] CVE-2019-9917: znc - ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service... ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. Scope: local bookworm: resolved (fixed in 1.7.2-2) bullseye: resolved (fixed in 1.7.2-2) forky: resolved (fixed in 1.7.2-2) sid: resolved (fixed in 1.7.2-2) trixie: resolved (fixed in 1.7.2-2)

CVE-2018-14056MEDIUMCVSS 5.3fixed in znc 1.7.1-1 (bookworm)2018

CVE-2018-14056 [MEDIUM] CVE-2018-14056: znc - ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin nam... ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. Scope: local bookworm: resolved (fixed in 1.7.1-1) bullseye: resolved (fixed in 1.7.1-1) forky: resolved (fixed in 1.7.1-1) sid: resolved (fixed in 1.7.1-1) trixie: resolved (fixed in 1.7.1-1)

CVE-2018-14055MEDIUMCVSS 6.5fixed in znc 1.7.1-1 (bookworm)2018

CVE-2018-14055 [MEDIUM] CVE-2018-14055: znc - ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the ... ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. Scope: local bookworm: resolved (fixed in 1.7.1-1) bullseye: resolved (fixed in 1.7.1-1) forky: resolved (fixed in 1.7.1-1) sid: resolved (fixed in 1.7.1-1) trixie: resolved (fixed in 1.7.1-

CVE-2014-9403MEDIUMCVSS 4.0fixed in znc 1.2-4 (bookworm)2014

CVE-2014-9403 [MEDIUM] CVE-2014-9403: znc - The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 al... The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error. Scope: local bookworm: resolved (fixed in 1.2-4) bullsey

CVE-2013-2130MEDIUMCVSS 4.0fixed in znc 1.0-5 (bookworm)2013

CVE-2013-2130 [MEDIUM] CVE-2013-2130: znc - ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL poi... ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp. Scope: local bookworm: resolved (fixed in 1.0-5) bullseye: resolved (fixed in 1.0-5) forky: resolved (fixed in 1.0-5) sid: resolved (fixed in 1.0-5)

CVE-2012-0033MEDIUMCVSS 5.0fixed in znc 0.202-2 (bookworm)2012

CVE-2012-0033 [MEDIUM] CVE-2012-0033: znc - The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bouncedcc module ... The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bouncedcc module in ZNC 0.200 and 0.202 allows remote attackers to cause a denial of service (crash) via a crafted DCC RESUME request. Scope: local bookworm: resolved (fixed in 0.202-2) bullseye: resolved (fixed in 0.202-2) forky: resolved (fixed in 0.202-2) sid: resolved (fixed in 0.202-2) trixie: resolved

CVE-2010-2488HIGHCVSS 7.5fixed in znc 0.090-2 (bookworm)2010

CVE-2010-2488 [HIGH] CVE-2010-2488: znc - NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic sta... NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections. Scope: local bookworm: resolved (fixed in 0.090-2) bullseye: resolved (fixed in 0.090-2) forky: resolved (fixed in 0.090-2) sid: resolved (fixed in 0.090-2) trixie: resolved (fixed in 0.090-2)

CVE-2010-2812LOWCVSS 5.0fixed in znc 0.092-2 (bookworm)2010

CVE-2010-2812 [MEDIUM] CVE-2010-2812: znc - Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (ex... Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument. Scope: local bookworm: resolved (fixed in 0.092-2) bullseye: resolved (fixed in 0.092-2) forky: resolved (fixed in 0.092-2) sid: resolved (fixed in 0.092-2) trixie: resolved (fixed in 0.092-2)

CVE-2010-2934LOWCVSS 5.0fixed in znc 0.092-2 (bookworm)2010

CVE-2010-2934 [MEDIUM] CVE-2010-2934: znc - Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to caus... Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to "unsafe substr() calls." Scope: local bookworm: resolved (fixed in 0.092-2) bullseye: resolved (fixed in 0.092-2) forky: resolved (fixed in 0.092-2) sid: resolved (fixed in 0.092-2) trixie: resolved (fixed in 0

CVE-2009-0759MEDIUMCVSS 6.5fixed in znc 0.066-1 (bookworm)2009

CVE-2009-0759 [MEDIUM] CVE-2009-0759: znc - Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow re... Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors. Scope: local bookworm: resolved (fixed in 0.066-1) bullseye: resolved (fixed in 0.066-1) forky: resolved (fixed in 0.066-1) sid: resolved (fixed in

CVE-2009-2658MEDIUMCVSS 7.5fixed in znc 0.074-1 (bookworm)2009

CVE-2009-2658 [HIGH] CVE-2009-2658: znc - Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to... Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request. Scope: local bookworm: resolved (fixed in 0.074-1) bullseye: resolved (fixed in 0.074-1) forky: resolved (fixed in 0.074-1) sid: resolved (fixed in 0.074-1) trixie: resolved (fixed in 0.074-1)