CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-25063 – Zenoss Dashboard defaultportlets.js cross site scripting
https://notcve.org/view.php?id=CVE-2018-25063
A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue. • https://github.com/zenoss/ZenPacks.zenoss.Dashboard/commit/f462285a0a2d7e1a9255b0820240b94a43b00a44 https://github.com/zenoss/ZenPacks.zenoss.Dashboard/pull/130 https://github.com/zenoss/ZenPacks.zenoss.Dashboard/releases/tag/1.3.5 https://vuldb.com/?ctiid.217153 https://vuldb.com/?id.217153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2014-6262
https://notcve.org/view.php?id=CVE-2014-6262
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131. Múltiples vulnerabilidades de cadena de formato en el módulo de Python en RRDtool, como es usado en Zenoss Core versiones anteriores a 4.2.5 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de un tercer argumento diseñado en la función rrdtool.graph, también se conoce como ZEN-15415, un problema relacionado con CVE-2013-2131. • http://www.kb.cert.org/vuls/id/449452 https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786 https://github.com/oetiker/rrdtool-1.x/pull/532 https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html https://www.securi • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14257
https://notcve.org/view.php?id=CVE-2019-14257
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765. pyraw en Zenoss versión 2.5.3 permite la escalada de privilegios locales al modificar las variables de entorno para redirigir la ejecución antes de que se caigan los privilegios, también conocido como ZEN-31765. • https://www.coalfire.com/The-Coalfire-Blog https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14258
https://notcve.org/view.php?id=CVE-2019-14258
The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988. El subsistema XML-RPC en Zenoss versión 2.5.3 permite ataques XXE que conducen a la divulgación de información no autenticada a través del puerto 9988. • https://www.coalfire.com/The-Coalfire-Blog https://www.coalfire.com/The-Coalfire-Blog/August-2019/Getting-more-from-a-compliance-test • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2014-6256
https://notcve.org/view.php?id=CVE-2014-6256
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386. Zenoss Core hasta 5 Beta 3 permite a atacantes remotos evadir las restricciones de acceso y colocar ficheros en un directorio con acceso público de (1) lectura o (2) ejecución a través de una acción move, también conocido como ZEN-15386. • http://www.kb.cert.org/vuls/id/449452 https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing • CWE-264: Permissions, Privileges, and Access Controls •