This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Znc First view 2009-03-03
Product Znc Last view 2020-06-02
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:znc:znc:0.044:*:*:*:*:*:*:* 9
cpe:2.3:a:znc:znc:0.052:*:*:*:*:*:*:* 9
cpe:2.3:a:znc:znc:0.056:*:*:*:*:*:*:* 9
cpe:2.3:a:znc:znc:0.062:*:*:*:*:*:*:* 9
cpe:2.3:a:znc:znc:0.060:*:*:*:*:*:*:* 9
cpe:2.3:a:znc:znc:0.045:*:*:*:*:*:*:* 9
cpe:2.3:a:znc:znc:0.054:*:*:*:*:*:*:* 9
cpe:2.3:a:znc:znc:0.047:*:*:*:*:*:*:* 9
cpe:2.3:a:znc:znc:0.058:*:*:*:*:*:*:* 9
cpe:2.3:a:znc:znc:0.034:*:*:*:*:*:*:* 8
cpe:2.3:a:znc:znc:0.066:*:*:*:*:*:*:* 8
cpe:2.3:a:znc:znc:0.068:*:*:*:*:*:*:* 8
cpe:2.3:a:znc:znc:0.070:*:*:*:*:*:*:* 8
cpe:2.3:a:znc:znc:0.041:*:*:*:*:*:*:* 8
cpe:2.3:a:znc:znc:0.050:*:*:*:*:*:*:* 8
cpe:2.3:a:znc:znc:0.043:*:*:*:*:*:*:* 8
cpe:2.3:a:znc:znc:0.064:*:*:*:*:*:*:* 8
cpe:2.3:a:znc:znc:0.076:*:*:*:*:*:*:* 7
cpe:2.3:a:znc:znc:0.078:*:*:*:*:*:*:* 7
cpe:2.3:a:znc:znc:0.080:*:*:*:*:*:*:* 7
cpe:2.3:a:znc:znc:0.074:*:*:*:*:*:*:* 7
cpe:2.3:a:znc:znc:0.090:*:*:*:*:*:*:* 7
cpe:2.3:a:znc:znc:0.072:*:*:*:*:*:*:* 7
cpe:2.3:a:znc:znc:0.092:*:*:*:*:*:*:* 7
cpe:2.3:a:znc:znc:*:*:*:*:*:*:*:* 7
cpe:2.3:a:znc:znc:1.0:*:*:*:*:*:*:* 6
cpe:2.3:a:znc:znc:1.2:*:*:*:*:*:*:* 5
cpe:2.3:a:znc:znc:1.7.0:*:*:*:*:*:*:* 4
cpe:2.3:a:znc:znc:1.7.2:*:*:*:*:*:*:* 2
cpe:2.3:a:znc:znc:1.7.3:*:*:*:*:*:*:* 1
cpe:2.3:a:znc:znc:1.8.0:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
6.5 2020-06-02 CVE-2020-13775

ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.

7.5 2019-11-12 CVE-2010-2488

NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.

8.8 2019-06-15 CVE-2019-12816

Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.

6.5 2019-03-27 CVE-2019-9917

ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.

5.3 2018-07-14 CVE-2018-14056

ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.

6.5 2018-07-14 CVE-2018-14055

ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

4 2014-12-19 CVE-2014-9403

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.

4 2014-06-05 CVE-2013-2130

ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp.

5 2010-08-17 CVE-2010-2934

Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to "unsafe substr() calls."

5 2010-08-17 CVE-2010-2812

Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument.

3.5 2010-07-12 CVE-2010-2448

znc.cpp in ZNC before 0.092 allows remote authenticated users to cause a denial of service (crash) by requesting traffic statistics when there is an active unauthenticated connection, which triggers a NULL pointer dereference, as demonstrated using (1) a traffic link in the web administration pages or (2) the traffic command in the /znc shell.

7.5 2009-08-04 CVE-2009-2658

Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request.

6.5 2009-03-03 CVE-2009-0759

Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.

CWE : Common Weakness Enumeration

%idName
33% (3) CWE-20 Improper Input Validation
22% (2) CWE-476 NULL Pointer Dereference
22% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
11% (1) CWE-264 Permissions, Privileges, and Access Controls
11% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:8315 DSA-1735 znc -- missing input sanitisation
oval:org.mitre.oval:def:13146 DSA-1735-1 znc -- missing input sanitisation
oval:org.mitre.oval:def:13565 DSA-2069-1 znc -- denial of service
oval:org.mitre.oval:def:11828 DSA-2069 znc -- denial of service

Open Source Vulnerability Database (OSVDB)

id Description
67164 ZNC Multiple Unspecified substr() Exception Remote DoS
67163 ZNC Malformed PING Command Remote DoS
66236 Debian ZNC znc.cpp Traffic Statistics Processing NULL Dereference Remote DoS
56184 ZNC DCC Send Command Traversal Arbitrary File Upload
52295 ZNC Webadmin Module znc.conf QuitMessage Field Security Restriction Bypass

OpenVAS Exploits

id Description
2010-12-02 Name : Fedora Update for znc FEDORA-2010-13038
File : nvt/gb_fedora_2010_13038_znc_fc14.nasl
2010-08-13 Name : Fedora Update for znc FEDORA-2010-12468
File : nvt/gb_fedora_2010_12468_znc_fc12.nasl
2010-08-13 Name : Fedora Update for znc FEDORA-2010-12481
File : nvt/gb_fedora_2010_12481_znc_fc13.nasl
2010-08-13 Name : ZNC Multiple Denial Of Service Vulnerabilities
File : nvt/gb_znc_42314.nasl
2010-06-21 Name : ZNC NULL Pointer Dereference Denial Of Service Vulnerability
File : nvt/gb_znc_40982.nasl
2009-09-15 Name : Gentoo Security Advisory GLSA 200909-17 (znc)
File : nvt/glsa_200909_17.nasl
2009-08-17 Name : Debian Security Advisory DSA 1848-1 (znc)
File : nvt/deb_1848_1.nasl
2009-07-29 Name : Fedora Core 10 FEDORA-2009-7937 (znc)
File : nvt/fcore_2009_7937.nasl
2009-07-29 Name : Fedora Core 11 FEDORA-2009-7952 (znc)
File : nvt/fcore_2009_7952.nasl
2009-03-20 Name : Debian Security Advisory DSA 1735-1 (znc)
File : nvt/deb_1735_1.nasl
2009-03-13 Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-03-13 Name : Ubuntu USN-732-1 (dash)
File : nvt/ubuntu_732_1.nasl
2009-03-07 Name : Gentoo Security Advisory GLSA 200903-02 (znc)
File : nvt/glsa_200903_02.nasl

Nessus® Vulnerability Scanner

id Description
2018-07-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201807-03.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_c6d1a8a68a9111e8be4d005056925db4.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4252.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1427.nasl - Type: ACT_GATHER_INFO
2015-12-02 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-845.nasl - Type: ACT_GATHER_INFO
2015-01-09 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2015-013.nasl - Type: ACT_GATHER_INFO
2014-12-19 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-31.nasl - Type: ACT_GATHER_INFO
2013-08-20 Name: The remote Fedora host is missing a security update.
File: fedora_2013-14123.nasl - Type: ACT_GATHER_INFO
2013-08-20 Name: The remote Fedora host is missing a security update.
File: fedora_2013-14132.nasl - Type: ACT_GATHER_INFO
2010-08-19 Name: The remote Fedora host is missing a security update.
File: fedora_2010-13038.nasl - Type: ACT_GATHER_INFO
2010-08-12 Name: The remote Fedora host is missing a security update.
File: fedora_2010-12481.nasl - Type: ACT_GATHER_INFO
2010-08-12 Name: The remote Fedora host is missing a security update.
File: fedora_2010-12468.nasl - Type: ACT_GATHER_INFO
2010-07-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2069.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-10082.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-10078.nasl - Type: ACT_GATHER_INFO
2010-07-01 Name: The remote Fedora host is missing a security update.
File: fedora_2010-10042.nasl - Type: ACT_GATHER_INFO
2010-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1848.nasl - Type: ACT_GATHER_INFO
2009-09-14 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200909-17.nasl - Type: ACT_GATHER_INFO
2009-07-24 Name: The remote Fedora host is missing a security update.
File: fedora_2009-7937.nasl - Type: ACT_GATHER_INFO
2009-03-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1735.nasl - Type: ACT_GATHER_INFO
2009-03-08 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200903-02.nasl - Type: ACT_GATHER_INFO