Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Zenoss Subscribe
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9252 1 Zenoss 1 Zenoss Core 2023-12-10 2.1 LOW N/A
Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416.
CVE-2014-9250 1 Zenoss 1 Zenoss Core 2023-12-10 5.0 MEDIUM N/A
Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418.
CVE-2014-9247 1 Zenoss 1 Zenoss Core 2023-12-10 4.0 MEDIUM N/A
Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389.
CVE-2014-6258 1 Zenoss 1 Zenoss Core 2023-12-10 5.0 MEDIUM N/A
An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411.
CVE-2010-0712 1 Zenoss 1 Zenoss 2023-12-10 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.
CVE-2010-0713 1 Zenoss 1 Zenoss 2023-12-10 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/.