Vulnerabilities > Zabbix

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-27927 Cross-Site Request Forgery (CSRF) vulnerability in Zabbix
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism.
network
zabbix CWE-352
6.8
2020-10-07 CVE-2020-11800 Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
network
low complexity
zabbix opensuse
7.5
2020-07-17 CVE-2020-15803 Cross-Site Scripting vulnerability in Zabbix
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
network
zabbix CWE-79
4.3
2020-02-17 CVE-2013-3738 Improper Input Validation vulnerability in Zabbix 2.0.6
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
network
low complexity
zabbix CWE-20
7.5
2020-02-07 CVE-2013-3628 Injection vulnerability in Zabbix 2.0.9
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
network
low complexity
zabbix CWE-74
6.5
2019-12-11 CVE-2013-5743 SQL Injection vulnerability in Zabbix
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
network
low complexity
zabbix CWE-89
7.5
2019-11-30 CVE-2013-7484 Inadequate Encryption Strength vulnerability in Zabbix 2.0.8/4.4.0
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
network
low complexity
zabbix CWE-326
5.0
2019-10-09 CVE-2019-17382 Authorization Bypass Through User-Controlled KEY vulnerability in Zabbix
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4.
network
low complexity
zabbix CWE-639
6.4
2019-08-17 CVE-2019-15132 Information Exposure vulnerability in multiple products
Zabbix through 4.4.0alpha1 allows User Enumeration.
network
low complexity
zabbix debian CWE-200
5.0
2019-02-17 CVE-2016-10742 Open Redirect vulnerability in multiple products
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
5.8