Every CVE whose affected-product data names Zenoss Zenoss Core, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2014-6261 — CVSS 9.3 (critical): Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary…
CVE-2014-9249 — CVSS 7.5 (high): The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to…
CVE-2014-6262 — CVSS 7.5 (high): Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow…
CVE-2014-6256 — CVSS 7.5 (high): Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1)…
CVE-2014-9386 — CVSS 6.8 (medium): Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack…
CVE-2014-6260 — CVSS 6.8 (medium): Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute…
CVE-2014-9385 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of…
CVE-2014-6253 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the…
CVE-2014-6255 — CVSS 6.4 (medium): Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web…
CVE-2014-9245 — CVSS 5.0 (medium): Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid…
CVE-2014-6259 — CVSS 5.0 (medium): Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of…
CVE-2014-9248 — CVSS 5.0 (medium): Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a…
CVE-2014-6257 — CVSS 5.0 (medium): Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object…
CVE-2014-9250 — CVSS 5.0 (medium): Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier…
CVE-2014-6258 — CVSS 5.0 (medium): An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by…
CVE-2014-9251 — CVSS 5.0 (medium): Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain…
CVE-2014-6254 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script…
CVE-2014-9247 — CVSS 4.0 (medium): Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role…
CVE-2014-9252 — CVSS 2.1 (low): Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive…