USN-5889-1: ZoneMinder vulnerabilities

Read Time:1 Minute, 58 Second

It was discovered that ZoneMinder was not properly sanitizing URL
parameters for certain views. An attacker could possibly use this issue to
perform a cross-site scripting (XSS) attack. This issue was only fixed in
Ubuntu 16.04 ESM. (CVE-2019-6777)

It was discovered that ZoneMinder was not properly sanitizing stored user
input later printed to the user in certain views. An attacker could
possibly use this issue to perform a cross-site scripting (XSS) attack.
This issue was only fixed in Ubuntu 16.04 ESM. (CVE-2019-6990,
CVE-2019-6992)

It was discovered that ZoneMinder was not properly limiting data size and
not properly performing bound checks when processing username and password
data, which could lead to a stack buffer overflow. An attacker could
possibly use this issue to bypass authentication, cause a denial of
service or execute arbitrary code. This issue was only fixed in Ubuntu
16.04 ESM. (CVE-2019-6991)

It was discovered that ZoneMinder was not properly defining and filtering
data that was appended to the webroot URL of a view. An attacker could
possibly use this issue to perform cross-site scripting (XSS) attacks.
This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 20.04 LTS.
(CVE-2019-7325, CVE-2019-7329)

It was discovered that ZoneMinder was not properly sanitizing user input
in the monitor editing view. An attacker could possibly use this issue to
perform a cross-site scripting (XSS) attack. This issue was only fixed in
Ubuntu 16.04 ESM and Ubuntu 20.04 LTS. (CVE-2019-7331)

It was discovered that ZoneMinder was not properly sanitizing data related
to file paths in a system. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2022-29806)

VanHelsingRaaS Expands Rapidly in Cybercrime Market

Ukraine Railway Systems Hit by Targeted Cyber-Attack

Authorities Seize 1842 Devices in Africa’s Cybercrime Crackdown

DeepSeek: A New Player in the Global AI Race

California AG Reminds 23andMe Customers of Data Deletion Rights Amid Bankruptcy Filing

More Countries are Demanding Back-Doors to Encrypted Apps

Teen Boys at Risk of Sextortion as 74% Lack Basic Awareness

Google Account Hijackers Target Victims Via Semrush Ads

The Power of Simplicity: Why LevelBlue’s Partner Program Makes Cybersecurity Easier for MSPs and MSSPs

USN-5889-1: ZoneMinder vulnerabilities

SQL Injection in Admin Functionality – dolphin.prov7.4.2

Stored XSS via Send Message Functionality – dolphin.prov7.4.2

USN-7370-1: SmartDNS vulnerabilities

dokuwiki-20240206b-1.fc42 php-kissifrot-php-ixr-1.8.4-1.fc42 php-phpseclib3-3.0.43-1.fc42

dokuwiki-20240206b-1.fc43 php-kissifrot-php-ixr-1.8.4-1.fc43 php-phpseclib3-3.0.43-1.fc43

exim-4.98.1-1.fc42