81 matches found
CVE-2019-7329
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'] insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS...
FreeBSD : c-ares -- Use After Free (1adf9ece-d4a3-11f0-83a2-843a4b343614)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1adf9ece-d4a3-11f0-83a2-843a4b343614 advisory. https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5 reports: c-ares is an...
SUSE CVE-2025-62408
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6...
AZL-71854 CVE-2025-62408 affecting package fluent-bit for versions less than 3.1.10-4
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6...
CVE-2025-62408 c-ares has a Use After Free vulnerability when connection is cleaned up after error
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6...
CVE-2025-62408
CVE-2025-62408 affects the c-ares asynchronous DNS resolver. Versions 1.32.3–1.34.5 terminate a query after maximum attempts when read_answer() or process_answer() are used, causing a Denial of Service. The issue is fixed in version 1.34.6. Remediation: upgrade to 1.34.6 (or later).
c-ares -- Use After Free
https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5 reports: c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed i...
EUVD-2019-16887
Malware in sbrugna...
EUVD-2019-16889
Malware in sbrugna...
EUVD-2019-16878
Malware in sbrugna...
EUVD-2019-16872
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-13072
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored XSS in the Filters page Name field in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who...
Linux Distros Unpatched Vulnerability : CVE-2019-7334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile'...
Linux Distros Unpatched Vulnerability : CVE-2019-7342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable...
Linux Distros Unpatched Vulnerability : CVE-2019-7344
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the...
CVE-2019-6990
A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a crafted Zone NAME to the index.php?view=zones&action=zoneImage&mid=1 URI...
CVE-2019-7337
Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader in functions.php, which insecurely returns the...
c-ares resource management error vulnerability
c-ares is a C library for asynchronous DNS requests from the c-ares individual developer. A resource management error vulnerability exists in c-ares versions 1.32.3 through 1.34.4, which stems from reuse after release and could lead to a denial of service triggered by a remote attacker...
SUSE CVE-2024-53271
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to...
PT-2024-9686 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.31.5 Envoy versions prior to 1.32.3 Description: The issue is related to the incorrect implementation of the control flow when handling HTTP responses in the Envoy proxy server. This can lead to downstream failures i...