Lookup for vulnerable packages by Package URL.
| Purl | pkg:apk/alpine/zoneminder@1.30.2-r0?arch=ppc64le&distroversion=v3.21&reponame=community |
|---|
| Type | apk |
|---|
| Namespace | alpine |
|---|
| Name | zoneminder |
|---|
| Version | 1.30.2-r0 |
|---|
| Qualifiers |
| arch |
ppc64le |
| distroversion |
v3.21 |
| reponame |
community |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 1.30.2-r3 |
|---|
| Latest_non_vulnerable_version | 1.36.33-r0 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-mqws-cbj6-v3gk |
| vulnerability_id |
VCID-mqws-cbj6-v3gk |
| summary |
Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10140 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.97073 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.97076 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.97078 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.9708 |
| published_at |
2026-06-08T12:55:00Z |
|
| 4 |
| value |
0.34242 |
| scoring_system |
epss |
| scoring_elements |
0.97084 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2016-10140 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2016-10140
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mqws-cbj6-v3gk |
|
| 1 |
| url |
VCID-xgnr-wh6d-5beb |
| vulnerability_id |
VCID-xgnr-wh6d-5beb |
| summary |
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5595 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00101 |
| scoring_system |
epss |
| scoring_elements |
0.27441 |
| published_at |
2026-06-04T12:55:00Z |
|
| 1 |
| value |
0.00101 |
| scoring_system |
epss |
| scoring_elements |
0.27508 |
| published_at |
2026-06-05T12:55:00Z |
|
| 2 |
| value |
0.00101 |
| scoring_system |
epss |
| scoring_elements |
0.27457 |
| published_at |
2026-06-06T12:55:00Z |
|
| 3 |
| value |
0.00101 |
| scoring_system |
epss |
| scoring_elements |
0.27419 |
| published_at |
2026-06-07T12:55:00Z |
|
| 4 |
| value |
0.00101 |
| scoring_system |
epss |
| scoring_elements |
0.27368 |
| published_at |
2026-06-08T12:55:00Z |
|
| 5 |
| value |
0.00101 |
| scoring_system |
epss |
| scoring_elements |
0.27376 |
| published_at |
2026-06-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2017-5595 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
|
| aliases |
CVE-2017-5595
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xgnr-wh6d-5beb |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:apk/alpine/zoneminder@1.30.2-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community |
|---|