The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. (CVE-2023-26032) Note that Nessus relies on the presence of the package as reported by the…Read More
Linux Distros Unpatched Vulnerability : CVE-2023-26032
