Lucene search
China National Vulnerability DatabaseCNVD-2022-68290HistoryOct 10, 2022 - 12:00 a.m.
ZoneMinder input validation error vulnerability
2022-10-1000:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
zoneminder
input validation
vulnerability
database performance
storage resources
attack
surveillance software
0.001 Low
EPSS
Percentile
40.6%
ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras. The system supports IP, USB and analog cameras, etc. ZoneMinder has an input validation error vulnerability, which stems from allowing a user with view system privileges to inject new data into Zoneminder stored logs, which could be exploited by an attacker to impact database performance or consume all storage resources.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Zoneminder Zoneminder | lt | 1.36.27 | |
| Zoneminder Zoneminder >1.37.0, | lt | 1.37.24 |
Related
cvelist
cvelist
CVE-2022-39291 Denial of service through logs in zoneminder
2022-10-07 00:00:00
nvd
nvd
CVE-2022-39291
2022-10-07 21:15:11
prion
prion
Double free
2022-10-07 21:15:00
alpinelinux
alpinelinux
CVE-2022-39291
2022-10-07 21:15:11
veracode
veracode
Code Injection
2022-10-20 19:27:45
debiancve
debiancve
CVE-2022-39291
2022-10-07 21:15:11
ubuntucve
ubuntucve
CVE-2022-39291
2022-10-07 00:00:00
osv
osv
CVE-2022-39291
2022-10-07 21:15:11
cve
cve
CVE-2022-39291
2022-10-07 21:15:11
packetstorm
packetstorm
Zoneminder Log Injection / XSS / Cross Site Request Forgery
2023-03-27 00:00:00
zdt
zdt
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Exploit
2023-03-27 00:00:00
openvas
openvas
ZoneMinder < 1.36.27, 1.37.x < 1.37.24 Multiple Vulnerabilities
2022-11-23 00:00:00
exploitdb
exploitdb
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
2023-03-27 00:00:00