
CVE-2019-6991 – Ubuntu Security Notice USN-5889-1
https://notcve.org/view.php?id=CVE-2019-6991
28 Jan 2019 — A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username. It was discovered that ZoneMinder was not prop... • https://github.com/ZoneMinder/zoneminder/issues/2478 • CWE-787: Out-of-bounds Write

CVE-2019-6992 – Ubuntu Security Notice USN-5889-1
https://notcve.org/view.php?id=CVE-2019-6992
28 Jan 2019 — A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI. • https://github.com/ZoneMinder/zoneminder/commit/8c5687ca308e441742725e0aff9075779fa1a498 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-6777 – Ubuntu Security Notice USN-5889-1
https://notcve.org/view.php?id=CVE-2019-6777
24 Jan 2019 — An issue was discovered in ZoneMinder v1.32.3. Reflected XSS exists in web/skins/classic/views/plugin.php via the zm/index.php?view=plugin pl parameter. • https://github.com/ZoneMinder/zoneminder/issues/2436 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')