Vulnerabilities > Zoneminder > Zoneminder > 1.32.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-07 | CVE-2022-39289 | Missing Authorization vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application. | 7.5 |
| 2022-10-07 | CVE-2022-39290 | Improper Authentication vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application. | 6.5 |
| 2022-10-07 | CVE-2022-39291 | Improper Input Validation vulnerability in Zoneminder ZoneMinder is a free, open source Closed-circuit television software application. | 5.4 |
| 2022-04-26 | CVE-2022-29806 | Path Traversal vulnerability in Zoneminder ZoneMinder before 1.36.13 allows remote code execution via an invalid language. | 7.5 |
| 2020-09-17 | CVE-2020-25729 | Cross-site Scripting vulnerability in Zoneminder ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. | 4.3 |
| 2019-02-18 | CVE-2019-8429 | SQL Injection vulnerability in Zoneminder ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. | 7.5 |
| 2019-02-18 | CVE-2019-8428 | SQL Injection vulnerability in Zoneminder ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. | 7.5 |
| 2019-02-18 | CVE-2019-8427 | OS Command Injection vulnerability in Zoneminder daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. | 7.5 |
| 2019-02-18 | CVE-2019-8426 | Cross-site Scripting vulnerability in Zoneminder skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. | 4.3 |
| 2019-02-18 | CVE-2019-8425 | Cross-site Scripting vulnerability in Zoneminder includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. | 4.3 |