Vulnerabilities > Zabbix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-03 | CVE-2021-27927 | Cross-Site Request Forgery (CSRF) vulnerability in Zabbix In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. | 6.8 |
| 2020-10-07 | CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | 7.5 |
| 2020-07-17 | CVE-2020-15803 | Cross-Site Scripting vulnerability in Zabbix Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. | 4.3 |
| 2020-02-17 | CVE-2013-3738 | Improper Input Validation vulnerability in Zabbix 2.0.6 A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | 7.5 |
| 2020-02-07 | CVE-2013-3628 | Injection vulnerability in Zabbix 2.0.9 Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability | 6.5 |
| 2019-12-11 | CVE-2013-5743 | SQL Injection vulnerability in Zabbix Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. | 7.5 |
| 2019-11-30 | CVE-2013-7484 | Inadequate Encryption Strength vulnerability in Zabbix 2.0.8/4.4.0 Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | 5.0 |
| 2019-10-09 | CVE-2019-17382 | Authorization Bypass Through User-Controlled KEY vulnerability in Zabbix An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. | 6.4 |
| 2019-08-17 | CVE-2019-15132 | Information Exposure vulnerability in multiple products Zabbix through 4.4.0alpha1 allows User Enumeration. | 5.0 |
| 2019-02-17 | CVE-2016-10742 | Open Redirect vulnerability in multiple products Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. | 5.8 |