CVE Tools

zenoss

Enterprise SoftwareUScommercial

22

Cumulative CVEs

3

Monthly snapshots

#9

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting zenoss.

CVE-2018-25063Zenoss Dashboard defaultportlets.js cross site scripting3.5Jan 1, 2023
CVE-2014-6262Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of...7.5Feb 12, 2020
CVE-2019-14257pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.7.8Aug 21, 2019
CVE-2019-14258The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.7.5Aug 21, 2019
CVE-2014-9252Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416.2.1Dec 15, 2014
CVE-2014-9251Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the...5.0Dec 15, 2014
CVE-2014-9250Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via...5.0Dec 15, 2014
CVE-2014-9249The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408.7.5Dec 15, 2014
CVE-2014-9248Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406.5.0Dec 15, 2014
CVE-2014-9247Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, a...4.0Dec 15, 2014
CVE-2014-9245Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated b...5.0Dec 15, 2014
CVE-2014-9386Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12...6.8Dec 15, 2014
CVE-2014-9385Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code exec...6.8Dec 15, 2014
CVE-2014-6261Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying ...9.3Dec 15, 2014
CVE-2014-6260Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging out...6.8Dec 15, 2014