Zenoss : Security Vulnerabilities, CVEs, CVSS score >= 7
The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988.
Max CVSS
7.5
EPSS Score
0.35%
Published
2019-08-21
Updated
2019-08-30
pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765.
Max CVSS
7.8
EPSS Score
0.04%
Published
2019-08-21
Updated
2019-08-27
The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408.
Max CVSS
7.5
EPSS Score
0.49%
Published
2014-12-15
Updated
2016-03-21
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.
Max CVSS
7.5
EPSS Score
1.88%
Published
2020-02-12
Updated
2022-01-01
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657.
Max CVSS
9.3
EPSS Score
87.22%
Published
2014-12-15
Updated
2016-03-21
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386.
Max CVSS
7.5
EPSS Score
0.69%
Published
2014-12-15
Updated
2016-03-21
6 vulnerabilities found