Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2019-6991

Published: 28/01/2019 Updated: 24/08/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Zoneminder

Vulnerability Summary

A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder up to and including 1.32.3, allowing an unauthenticated malicious user to execute code via a long username.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zoneminder zoneminder

Vendor Advisories

Debian CVElist Bug Report Logs: zoneminder: CVE-2019-6992
Debian Bug report logs - #920999 zoneminder: CVE-2019-6992 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Jan 2019 13:18:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version ...
Debian CVElist Bug Report Logs: zoneminder: CVE-2019-6990
Debian Bug report logs - #921001 zoneminder: CVE-2019-6990 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Jan 2019 13:21:05 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version ...
Debian CVElist Bug Report Logs: zoneminder: CVE-2019-6991
Debian Bug report logs - #921000 zoneminder: CVE-2019-6991 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 31 Jan 2019 13:21:02 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version ...
Debian CVElist Bug Report Logs: zoneminder: CVE-2019-6777
Debian Bug report logs - #920375 zoneminder: CVE-2019-6777 Package: src:zoneminder; Maintainer for src:zoneminder is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 24 Jan 2019 20:39:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found in ver ...

Github Repositories

https://github.com/rishaldwivedi/Public_Disclosure

Sharing POC's of latest discovery

Public_Disclosure Sharing POC's of latest discovery Unauthenticated RCE in learnnowtelekomde/ Vulnerability – Insecure Deserialzation Vulnerability Vulnerability Description – Telerik UI for ASPNET (Version - 201631018) was being used by the application It suffers from a known vulnerability CVE-2019-18935 (Insecure Deserialization) Using basic fi

References

CWE-787https://github.com/ZoneMinder/zoneminder/pull/2482https://github.com/ZoneMinder/zoneminder/issues/2478https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920999https://github.com/rishaldwivedi/Public_Disclosure
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook