pkg:Debian/zoneminder
91 total CVEs: CRITICAL 15, HIGH 14, MEDIUM 51
All known vulnerabilities
- CRITICAL 9.8 | CVE-2025-65791 | ZoneMinder v1.36.34 is vulnerable to Command Injection in web/views/image.php. | from 0
- CRITICAL 9.8 | CVE-2024-43360 | ZoneMinder is a free, open source closed-circuit television software application. | from 0
- CRITICAL 9.8 | CVE-2023-26037 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | from 0
- CRITICAL 9.8 | CVE-2023-26036 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | from 0
- CRITICAL 9.8 | CVE-2023-26035 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | from 0
- CRITICAL 9.8 | CVE-2022-29806 | ZoneMinder before 1.36.13 allows remote code execution via an invalid language. | from 0
- CRITICAL 9.8 | CVE-2019-8429 | ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. | from 0
- CRITICAL 9.8 | CVE-2019-8428 | ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[Monito… | from 0, < 1.34.6-1
- CRITICAL 9.8 | CVE-2019-8427 | daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. | from 0
- CRITICAL 9.8 | CVE-2019-8424 | ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. | from 0, < 1.34.6-1
- CRITICAL 9.8 | CVE-2019-8423 | ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. | from 0
- CRITICAL 9.8 | CVE-2019-6991 | A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, al… | from 0, < 1.32.3-2
- CRITICAL 9.8 | CVE-2018-1000833 | ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confident… | from 0, < 1.32.3-2
- CRITICAL 9.8 | CVE-2018-1000832 | ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confident… | from 0, < 1.32.3-2
- CRITICAL 9.8 | CVE-2016-10204 | SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit paramete… | from 0, < 1.30.4+dfsg-1
- HIGH 8.8 | CVE-2026-27470 | ZoneMinder is a free, open source closed-circuit television software application. | from 0
- HIGH 8.8 | CVE-2023-26039 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | from 0
- HIGH 8.8 | CVE-2023-26034 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | from 0
- HIGH 8.8 | CVE-2019-7346 | A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try agai… | from 0, < 1.34.6-1
- HIGH 8.8 | CVE-2016-10206 | Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of user… | from 0, < 1.30.4+dfsg-1
- HIGH 8.8 | CVE-2017-5368 | ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a r… | from 0, < 1.30.4+dfsg-1
- HIGH 8.2 | CVE-2020-25730 | Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate pri… | from 0, < 1.34.21-1
- HIGH 8.1 | CVE-2023-26032 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | from 0
- HIGH 7.5 | CVE-2022-39289 | ZoneMinder is a free, open source Closed-circuit television software application. | from 0
- HIGH 7.5 | CVE-2019-7347 | A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated us… | from 0, < 1.34.6-1
- from 0, < 1.25.0-4+deb7u1
- from 0, < 1.30.4+dfsg-1
- HIGH 7.3 | CVE-2019-7350 | Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby… | from 0
- HIGH 7.3 | CVE-2016-10205 | Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | from 0, < 1.30.4+dfsg-1
- from 0
- MEDIUM 6.6 | CVE-2023-31493 | RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .php log file in language folder, while ex… | from 0
- MEDIUM 6.5 | CVE-2023-41884 | ZoneMinder is a free, open source Closed-circuit television software application. | from 0
- MEDIUM 6.5 | CVE-2023-26038 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | from 0
- MEDIUM 6.5 | CVE-2022-39290 | ZoneMinder is a free, open source Closed-circuit television software application. | from 0
- MEDIUM 6.5 | CVE-2019-7351 | Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn wi… | from 0
- MEDIUM 6.1 | CVE-2024-43359 | ZoneMinder is a free, open source closed-circuit television software application. | from 0
- MEDIUM 6.1 | CVE-2024-43358 | ZoneMinder is a free, open source closed-circuit television software application. | from 0
- MEDIUM 6.1 | CVE-2023-25825 | ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. | from 0
- MEDIUM 6.1 | CVE-2020-25729 | ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. | from 0, < 1.34.21-1
- MEDIUM 6.1 | CVE-2019-8426 | skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltR… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-8425 | includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. | from 0
- MEDIUM 6.1 | CVE-2019-7352 | Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7349 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7348 | Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7344 | Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insec… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7343 | Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a v… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7342 | POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulner… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7341 | Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a v… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7340 | POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulner… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7339 | POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulner… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7338 | Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it in… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7336 | Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7335 | Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it inse… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7334 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7333 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7332 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7331 | Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check co… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7330 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7329 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $_SERVER['PHP_SELF'… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7328 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7327 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vul… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7326 | Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-7325 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utiliz… | from 0, < 1.34.6-1
- MEDIUM 6.1 | CVE-2019-6992 | A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or J… | from 0, < 1.32.3-2
- from 0, < 1.32.3-2
- from 0, < 1.30.4+dfsg-1
- MEDIUM 6.1 | CVE-2016-10203 | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via… | from 0, < 1.30.4+dfsg-1
- MEDIUM 6.1 | CVE-2016-10202 | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via… | from 0, < 1.30.4+dfsg-1
- MEDIUM 6.1 | CVE-2016-10201 | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via… | from 0, < 1.30.4+dfsg-1
- MEDIUM 6.1 | CVE-2017-5367 | Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV serve… | from 0, < 1.30.4+dfsg-1
- from 0, < 1.30.4+dfsg-1
- from 0, < 1.25.0-4+deb7u2
- MEDIUM 5.4 | CVE-2022-30768 | A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username fiel… | from 0
- MEDIUM 5.4 | CVE-2022-39291 | ZoneMinder is a free, open source Closed-circuit television software application. | from 0
- MEDIUM 5.4 | CVE-2022-39285 | ZoneMinder is a free, open source Closed-circuit television software application. The file parameter is vulnerable to a cross site scripting… | from 0
- MEDIUM 5.4 | CVE-2019-13072 | Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browse… | from 0, < 1.34.6-1
- MEDIUM 5.4 | CVE-2019-6990 | A stored-self XSS exists in web/skins/classic/views/zones.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScr… | from 0, < 1.32.3-2
- MEDIUM 4.8 | CVE-2019-7345 | Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation… | from 0, < 1.34.6-1
- MEDIUM 4.8 | CVE-2019-7337 | Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit pa… | from 0, < 1.34.6-1
- MEDIUM 4.6 | CVE-2022-30769 | Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user. | from 0
- — | CVE-2013-0332 | Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. | from 0, < 1.25.0-1
- from 0, < 1.24.2-8+squeeze1
- from 0, < 1.25.0-4
- — | CVE-2008-6756 | ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and pass… | from 0, < 1.22.3-5
- — | CVE-2008-6755 | ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes… | from 0, < 1.24.1-1
- — | CVE-2008-3882 | Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1… | from 0, < 1.24.1-1
- — | CVE-2008-3881 | Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script… | from 0, < 1.24.1-1
- — | CVE-2008-3880 | SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL com… | from 0, < 1.24.1-1
- from 0, < 1.23.2-2+lenny1
- from 0, < 1.23.3-1
- — | CVE-2004-0227 | Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string. | from 0, < 1.22.3-1