Lucene search

UbuntuUSN-5889-1

HistoryFeb 27, 2023 - 12:00 a.m.

ZoneMinder vulnerabilities

2023-02-2700:00:00

ubuntu.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.384 Low

EPSS

Percentile

97.2%

JSON

Releases

Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 16.04 ESM

Packages

zoneminder - video camera security and surveillance solution

Details

It was discovered that ZoneMinder was not properly sanitizing URL
parameters for certain views. An attacker could possibly use this issue to
perform a cross-site scripting (XSS) attack. This issue was only fixed in
Ubuntu 16.04 ESM. (CVE-2019-6777)

It was discovered that ZoneMinder was not properly sanitizing stored user
input later printed to the user in certain views. An attacker could
possibly use this issue to perform a cross-site scripting (XSS) attack.
This issue was only fixed in Ubuntu 16.04 ESM. (CVE-2019-6990,
CVE-2019-6992)

It was discovered that ZoneMinder was not properly limiting data size and
not properly performing bound checks when processing username and password
data, which could lead to a stack buffer overflow. An attacker could
possibly use this issue to bypass authentication, cause a denial of
service or execute arbitrary code. This issue was only fixed in Ubuntu
16.04 ESM. (CVE-2019-6991)

It was discovered that ZoneMinder was not properly defining and filtering
data that was appended to the webroot URL of a view. An attacker could
possibly use this issue to perform cross-site scripting (XSS) attacks.
This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 20.04 ESM.
(CVE-2019-7325, CVE-2019-7329)

It was discovered that ZoneMinder was not properly sanitizing user input
in the monitor editing view. An attacker could possibly use this issue to
perform a cross-site scripting (XSS) attack. This issue was only fixed in
Ubuntu 16.04 ESM and Ubuntu 20.04 ESM. (CVE-2019-7331)

It was discovered that ZoneMinder was not properly sanitizing data related
to file paths in a system. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2022-29806)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchzoneminder< 1.36.12+dfsg1-1ubuntu0.1~esm1UNKNOWN
Ubuntu22.04noarchzoneminder< 1.36.12+dfsg1-1UNKNOWN
Ubuntu22.04noarchzoneminder-dbgsym< 1.36.12+dfsg1-1UNKNOWN
Ubuntu22.04noarchzoneminder-doc< 1.36.12+dfsg1-1UNKNOWN
Ubuntu20.04noarchzoneminder< 1.32.3-2ubuntu2+esm1UNKNOWN
Ubuntu20.04noarchzoneminder< 1.32.3-2ubuntu2UNKNOWN
Ubuntu20.04noarchzoneminder-dbgsym< 1.32.3-2ubuntu2UNKNOWN
Ubuntu20.04noarchzoneminder-doc< 1.32.3-2ubuntu2UNKNOWN
Ubuntu16.04noarchzoneminder< 1.29.0+dfsg-1ubuntu2+esm1UNKNOWN
Ubuntu16.04noarchzoneminder< 1.29.0+dfsg-1ubuntu2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	22.04	noarch	zoneminder	< 1.36.12+dfsg1-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	22.04	noarch	zoneminder	< 1.36.12+dfsg1-1	UNKNOWN
Ubuntu	22.04	noarch	zoneminder-dbgsym	< 1.36.12+dfsg1-1	UNKNOWN
Ubuntu	22.04	noarch	zoneminder-doc	< 1.36.12+dfsg1-1	UNKNOWN
Ubuntu	20.04	noarch	zoneminder	< 1.32.3-2ubuntu2+esm1	UNKNOWN
Ubuntu	20.04	noarch	zoneminder	< 1.32.3-2ubuntu2	UNKNOWN
Ubuntu	20.04	noarch	zoneminder-dbgsym	< 1.32.3-2ubuntu2	UNKNOWN
Ubuntu	20.04	noarch	zoneminder-doc	< 1.32.3-2ubuntu2	UNKNOWN
Ubuntu	16.04	noarch	zoneminder	< 1.29.0+dfsg-1ubuntu2+esm1	UNKNOWN
Ubuntu	16.04	noarch	zoneminder	< 1.29.0+dfsg-1ubuntu2	UNKNOWN