Vulnerabilities > Zabbix
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-09 | CVE-2024-22119 | Cross-site Scripting vulnerability in Zabbix. The cause of the vulnerability is improper validation of the form input field “Name” on the Graph page in the Items section. | 5.4 |
2023-12-18 | CVE-2023-32725 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Zabbix Frontend and Zabbix Server. The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. | 8.8 |
2023-12-18 | CVE-2023-32726 | Improper Check for Unusual or Exceptional Conditions vulnerability in Zabbix Zabbix-Agent. The vulnerability is caused by an improper check of whether RDLENGTH overflows the buffer in the response from the DNS server. | 8.1 |
2023-12-18 | CVE-2023-32727 | Improper Input Validation vulnerability in Zabbix Server 7.0.0. An attacker who has the privilege to configure Zabbix items can use the function icmpping() with an additional malicious command inside it to execute arbitrary code on the current Zabbix server. | 7.2 |
2023-12-18 | CVE-2023-32728 | Code Injection vulnerability in Zabbix Zabbix-Agent2. The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in possible remote code execution. | 9.8 |
2023-10-12 | CVE-2023-32721 | Cross-site Scripting vulnerability in Zabbix. A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before the URL. | 5.4 |
2023-10-12 | CVE-2023-32722 | Out-of-bounds Write vulnerability in Zabbix. The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. | 7.8 |
2023-10-12 | CVE-2023-32723 | Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix. A request to LDAP is sent before user permissions are checked. | 9.1 |
2023-10-12 | CVE-2023-32724 | Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix. A memory pointer is in a property of the Duktape object. | 8.8 |
2023-10-12 | CVE-2023-29453 | Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0. Templates do not properly consider backticks (`) as JavaScript string delimiters, and do not escape them as expected. | 9.8 |