Vulnerabilities > Zabbix

| Date | CVE | Vulnerability title | Description | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|
| 2019-11-30 | CVE-2013-7484 | Inadequate Encryption Strength vulnerability in Zabbix 2.0.8/4.4.0 | Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | zabbix | CWE-326 | network, low complexity, 7.5 |
| 2019-10-09 | CVE-2019-17382 | Authorization Bypass Through User-Controlled Key vulnerability in Zabbix | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. | zabbix | CWE-639 | network, low complexity, critical, 9.1 |
| 2019-08-17 | CVE-2019-15132 | Information Exposure Through Discrepancy vulnerability in multiple products | Zabbix through 4.4.0alpha1 allows User Enumeration. | zabbix, debian | CWE-203 | network, low complexity, 5.3 |
| 2019-02-17 | CVE-2016-10742 | Open Redirect vulnerability in multiple products | Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. | zabbix, debian | CWE-601 | network, low complexity, 6.1 |
| 2018-04-20 | CVE-2017-2825 | | In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. | zabbix, debian | | network, high complexity, 7.0 |
| 2018-04-09 | CVE-2017-2826 | Information Exposure vulnerability in multiple products | An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. | zabbix, debian | CWE-200 | network, high complexity, 3.7 |
| 2018-02-01 | CVE-2014-3005 | XXE vulnerability in multiple products | XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | zabbix, fedoraproject | CWE-611 | network, low complexity, critical, 9.8 |
| 2017-05-24 | CVE-2017-2824 | OS Command Injection vulnerability in Zabbix | An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. | zabbix | CWE-78 | network, high complexity, 8.1 |
| 2017-02-17 | CVE-2016-10134 | SQL Injection vulnerability in Zabbix | SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. | zabbix | CWE-89 | network, low complexity, critical, 9.8 |
| 2017-01-23 | CVE-2016-4338 | SQL Injection vulnerability in Zabbix | The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter. | zabbix | CWE-89 | network, high complexity, 8.1 |