Filtered by vendor Zenoss
Subscribe
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9249 | 1 Zenoss | 1 Zenoss Core | 2024-02-04 | 7.5 HIGH | N/A |
| The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. | |||||
| CVE-2014-6259 | 1 Zenoss | 1 Zenoss Core | 2024-02-04 | 5.0 MEDIUM | N/A |
| Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka ZEN-15414, a similar issue to CVE-2003-1564. | |||||
| CVE-2014-9252 | 1 Zenoss | 1 Zenoss Core | 2024-02-04 | 2.1 LOW | N/A |
| Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416. | |||||
| CVE-2014-9245 | 1 Zenoss | 1 Zenoss Core | 2024-02-04 | 5.0 MEDIUM | N/A |
| Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382. | |||||
| CVE-2010-0713 | 1 Zenoss | 1 Zenoss | 2024-02-04 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss 2.3.3, and other versions before 2.5, allow remote attackers to hijack the authentication of an administrator for (1) requests that reset user passwords via zport/dmd/ZenUsers/admin, and (2) requests that change user commands, which allows for remote execution of system commands via zport/dmd/userCommands/. | |||||
| CVE-2010-0712 | 1 Zenoss | 1 Zenoss | 2024-02-04 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters. | |||||