Filtered by vendor Zenoss
Total: 26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9252 | 1 Zenoss | 1 Zenoss Core | 2023-12-10 | 2.1 LOW | N/A |
Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416. | |||||
CVE-2014-9250 | 1 Zenoss | 1 Zenoss Core | 2023-12-10 | 5.0 MEDIUM | N/A |
Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via script access to this cookie, aka ZEN-10418. | |||||
CVE-2014-9247 | 1 Zenoss | 1 Zenoss Core | 2023-12-10 | 4.0 MEDIUM | N/A |
Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka ZEN-15389. | |||||
CVE-2014-6258 | 1 Zenoss | 1 Zenoss Core | 2023-12-10 | 5.0 MEDIUM | N/A |
An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-15411. | |||||
CVE-2010-0712 | 1 Zenoss | 1 Zenoss | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters. | |||||
CVE-2010-0713 | 1 Zenoss | 1 Zenoss | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/. | |||||