9.8
CVE-2024-43360 - ZoneMinder Time-based SQL Injection
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This vulnerability is fixed in 1.36.34 and 1.37.61.
0
CVE-2024-43359 - XSS vulnerabilities in montagereview
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61.
6.1
CVE-2024-43358 - XSS vulnerability in filter view
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the filter view via the filter[Id]. This vulnerability is fixed in 1.36.34 and 1.37.61.
6.9
CVE-2024-7704 - Weaver e-cology Source Code ecology_dev.zip information disclosure
A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to launch the attack remoβ¦
7.1
CVE-2023-41884 - ZoneMinder Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in β¦
ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to sql injection. This vulnerability is fixed in 1.36.34.
6.8
CVE-2024-40893 - Firewalla BTLE Authenticated Command Injection
Multiple authenticated operating system (OS) command injection vulnerabilities exist in Firewalla Box Software versions before 1.979. A physically close attacker that is authenticated to the Bluetooth Low-Energy (BTLE) interface can use the network configuration service to inject commands in variβ¦
7.1
CVE-2024-40892 - Firewalla BTLE Weak Credentials
A weak credential vulnerability exists in Firewalla Box Software versions before 1.979. This vulnerability allows a physically close attacker to use the license UUID for authentication and provision SSH credentials over the Bluetooth Low-Energy (BTLE) interface. Once an attacker gains access to theβ¦
6.8
CVE-2024-6768 - Denial of Service in CLFS.sys
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.
0.0
CVE-2024-7712 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.5
CVE-2024-42474 - Streamlit Path Traversal Security Vulnerability on Windows
Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file shariβ¦