Information on source package zoneminder

Available versions

ReleaseVersion
sid1.32.3-2

Open issues

BugsidDescription
CVE-2019-8429vulnerableZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php fil ...
CVE-2019-8428vulnerableZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views ...
CVE-2019-8427vulnerabledaemonControl in includes/functions.php in ZoneMinder before 1.32.3 al ...
CVE-2019-8426vulnerableskins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS ...
CVE-2019-8425vulnerableincludes/database.php in ZoneMinder before 1.32.3 has XSS in the const ...
CVE-2019-8424vulnerableZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sor ...
CVE-2019-8423vulnerableZoneMinder through 1.32.3 has SQL Injection via the skins/classic/view ...
CVE-2019-7352vulnerableSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...
CVE-2019-7351vulnerableLog Injection exists in ZoneMinder through 1.32.3, as an attacker can ...
CVE-2019-7350vulnerableSession fixation exists in ZoneMinder through 1.32.3, as an attacker c ...
CVE-2019-7349vulnerableReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...
CVE-2019-7348vulnerableSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...
CVE-2019-7347vulnerableA Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMind ...
CVE-2019-7346vulnerableA CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a C ...
CVE-2019-7345vulnerableSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...
CVE-2019-7344vulnerableReflected XSS exists in ZoneMinder through 1.32.3, allowing an attacke ...
CVE-2019-7343vulnerableReflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1. ...
CVE-2019-7342vulnerablePOST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...
CVE-2019-7341vulnerableReflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1. ...
CVE-2019-7340vulnerablePOST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...
CVE-2019-7339vulnerablePOST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, ...
CVE-2019-7338vulnerableSelf - Stored XSS exists in ZoneMinder through 1.32.3, allowing an att ...
CVE-2019-7337vulnerableReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...
CVE-2019-7336vulnerableSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...
CVE-2019-7335vulnerableSelf - Stored XSS exists in ZoneMinder through 1.32.3, allowing an att ...
CVE-2019-7334vulnerableReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...
CVE-2019-7333vulnerableReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...
CVE-2019-7332vulnerableReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...
CVE-2019-7331vulnerableSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...
CVE-2019-7330vulnerableReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...
CVE-2019-7329vulnerableReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...
CVE-2019-7328vulnerableReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...
CVE-2019-7327vulnerableReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...
CVE-2019-7326vulnerableSelf - Stored Cross Site Scripting (XSS) exists in ZoneMinder through ...
CVE-2019-7325vulnerableReflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32 ...

Resolved issues

BugDescription
CVE-2019-6992A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ...
CVE-2019-6991A classic Stack-based buffer overflow exists in the zmLoadUser() funct ...
CVE-2019-6990A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneM ...
CVE-2019-6777An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in ...
CVE-2018-1000833ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability ...
CVE-2018-1000832ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability ...
CVE-2017-7203A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30. ...
CVE-2017-5595A file disclosure and inclusion vulnerability exists in web/views/file ...
CVE-2017-5368ZoneMinder v1.30 and v1.29, an open-source CCTV server web application ...
CVE-2017-5367Multiple reflected XSS vulnerabilities exist within form and link inpu ...
CVE-2016-10206Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and ...
CVE-2016-10205Session fixation vulnerability in Zoneminder 1.30 and earlier allows r ...
CVE-2016-10204SQL injection vulnerability in Zoneminder 1.30 and earlier allows remo ...
CVE-2016-10203Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...
CVE-2016-10202Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...
CVE-2016-10201Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...
CVE-2016-10140Information disclosure and authentication bypass vulnerability exists ...
CVE-2013-7464In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not confi ...
CVE-2013-0332Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x befo ...
CVE-2013-0232includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and ...
CVE-2008-6756ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.co ...
CVE-2008-6755ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to t ...
CVE-2008-3882Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and ...
CVE-2008-3881Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23 ...
CVE-2008-3880SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1. ...
CVE-2008-1381ZoneMinder before 1.23.3 allows remote authenticated users, and possib ...
CVE-2004-0227Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allo ...

Security announcements

DSA / DLADescription
DLA-1145-1zoneminder - security update
DLA-806-1zoneminder - security update
DSA-2640-1zoneminder - several issues

Search for package or bug name: Reporting problems