返回 CVE 瀏覽器

CVE-2019-6991

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1230%

EPSS Percentile40.81th

Published2019年1月28日

Last Modified2024年11月21日

Vulnerability Description

A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.

Affected Platforms (CPE)

📦

Zoneminder

Zoneminder

<= 1.32.3

References & Advisories

🔗 https://github.com/ZoneMinder/zoneminder/issues/2478

🔗 https://github.com/ZoneMinder/zoneminder/pull/2482

🔗 https://github.com/ZoneMinder/zoneminder/issues/2478

🔗 https://github.com/ZoneMinder/zoneminder/pull/2482

相關漏洞威脅

CVE-2008-388210.0

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary comman...

CVE-2018-10008329.8

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of ...

CVE-2018-10008339.8

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of ...

CVE-2019-84239.8

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.

CVE-2019-6991 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space