Lucene search
K

28 matches found

OSV
OSV
added 2022/10/07 9:15 p.m.6 views

UBUNTU-CVE-2022-39289

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as...

9.1CVSS7.2AI score0.00754EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/10/07 12:0 a.m.6 views

PT-2022-24872 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder affected versions not specified Description: The issue concerns the ZoneMinder API, which exposes database log contents to users without privileges. It also allows for the insertion, modification, and deletion of logs without syste...

9.8CVSS7.2AI score0.80462EPSS
Exploits28References48
OSV
OSV
added 2022/10/07 12:0 a.m.21 views

CVE-2022-39285 Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability XSS by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...

7.6CVSS6AI score0.03689EPSS
Exploits4References6
Cvelist
Cvelist
added 2022/10/07 12:0 a.m.31 views

CVE-2022-39289 Database log access in ZoneMinder

ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as...

9.1CVSS9.3AI score0.00754EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2022/10/07 12:0 a.m.32 views

CVE-2022-39285

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability XSS by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...

7.6CVSS3.7AI score0.03689EPSS
Exploits4
Nextcloud
Nextcloud
added 2021/09/06 8:37 a.m.47 views

Exceptions may have logged Encryption-at-Rest key content

None...

5.5CVSS5.5AI score0.00239EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2000/02/04 5:0 a.m.23 views

CVE-1999-0795

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches...

7.2AI score0.02118EPSS
Exploits0References1
NVD
NVD
added 1997/10/04 4:0 a.m.13 views

CVE-1999-1061

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging...

7.5CVSS0.03775EPSS
Exploits0References2
Rows per page
Query Builder