Vulnerabilities > Zabbix

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2024-22119 Cross-site Scripting vulnerability in Zabbix
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.
network
low complexity
zabbix CWE-79
5.4
2023-12-18 CVE-2023-32725 Reliance on Cookies without Validation and Integrity Checking vulnerability in Zabbix Frontend and Zabbix Server
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports.
network
low complexity
zabbix CWE-565
8.8
2023-12-18 CVE-2023-32726 Improper Check for Unusual or Exceptional Conditions vulnerability in Zabbix Zabbix-Agent
The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.
network
high complexity
zabbix CWE-754
8.1
2023-12-18 CVE-2023-32727 Improper Input Validation vulnerability in Zabbix Server 7.0.0
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.
network
low complexity
zabbix CWE-20
7.2
2023-12-18 CVE-2023-32728 Code Injection vulnerability in Zabbix Zabbix-Agent2
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.
network
low complexity
zabbix CWE-94
critical
9.8
2023-10-12 CVE-2023-32721 Cross-site Scripting vulnerability in Zabbix
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.
network
low complexity
zabbix CWE-79
5.4
2023-10-12 CVE-2023-32722 Out-of-bounds Write vulnerability in Zabbix
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
local
low complexity
zabbix CWE-787
7.8
2023-10-12 CVE-2023-32723 Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix
Request to LDAP is sent before user permissions are checked.
network
low complexity
zabbix CWE-732
critical
9.1
2023-10-12 CVE-2023-32724 Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix
Memory pointer is in a property of the Ducktape object.
network
low complexity
zabbix CWE-732
8.8
2023-10-12 CVE-2023-29453 Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected.
network
low complexity
zabbix CWE-94
critical
9.8