Vulnerabilities > Zoneminder > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-25 | CVE-2023-26039 | OS Command Injection vulnerability in Zoneminder: ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 8.8 |
2023-02-25 | CVE-2023-26032 | SQL Injection vulnerability in Zoneminder: ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 8.1 |
2023-02-25 | CVE-2023-26034 | SQL Injection vulnerability in Zoneminder: ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | 8.8 |
2022-10-07 | CVE-2022-39289 | Missing Authorization vulnerability in Zoneminder: ZoneMinder is a free, open source Closed-circuit television software application. | 7.5 |
2019-02-04 | CVE-2019-7350 | Session Fixation vulnerability in Zoneminder: Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. | 7.3 |
2019-02-04 | CVE-2019-7347 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Zoneminder: A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. | 7.5 |
2019-02-04 | CVE-2019-7346 | Cross-Site Request Forgery (CSRF) vulnerability in Zoneminder: A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful. | 8.8 |
2017-03-03 | CVE-2016-10206 | Cross-Site Request Forgery (CSRF) vulnerability in Zoneminder: Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php. | 8.8 |
2017-03-03 | CVE-2016-10205 | Session Fixation vulnerability in Zoneminder: Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | 7.3 |
2017-02-06 | CVE-2017-5368 | Cross-Site Request Forgery (CSRF) vulnerability in Zoneminder 1.29.0/1.30.0: ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attacker to make changes to the web application as the currently logged-in victim. | 8.8 |