Vulnerabilities > Zabbix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2013-5743 | SQL Injection vulnerability in Zabbix Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. | 7.5 |
| 2019-11-30 | CVE-2013-7484 | Inadequate Encryption Strength vulnerability in Zabbix 2.0.8/4.4.0 Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | 7.5 |
| 2019-10-09 | CVE-2019-17382 | Authorization Bypass Through User-Controlled Key vulnerability in Zabbix An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. | 9.1 |
| 2019-08-17 | CVE-2019-15132 | Information Exposure vulnerability in multiple products Zabbix through 4.4.0alpha1 allows User Enumeration. | 5.0 |
| 2019-02-17 | CVE-2016-10742 | Open Redirect vulnerability in multiple products Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. | 5.8 |
| 2018-04-20 | CVE-2017-2825 | Man in the Middle Security Bypass vulnerability in Zabbix Proxy Server In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. | 6.8 |
| 2018-04-09 | CVE-2017-2826 | Information Exposure vulnerability in multiple products An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. | 4.3 |
| 2018-02-01 | CVE-2014-3005 | XXE vulnerability in multiple products XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | 7.5 |
| 2017-05-24 | CVE-2017-2824 | OS Command Injection vulnerability in Zabbix An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. | 6.8 |
| 2017-02-17 | CVE-2016-10134 | SQL Injection vulnerability in Zabbix SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. | 7.5 |