Vulnerabilities > Zabbix > Critical

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-32728 | Code Injection vulnerability in Zabbix Zabbix-Agent2. The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in a possible remote code execution vulnerability. [network; low complexity; zabbix; CWE-94] | critical 9.8 |
| 2023-10-12 | CVE-2023-32723 | Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix. Request to LDAP is sent before user permissions are checked. [network; low complexity; zabbix; CWE-732] | critical 9.1 |
| 2023-10-12 | CVE-2023-29453 | Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0. Templates do not properly consider backticks (`) as JavaScript string delimiters, and do not escape them as expected. [network; low complexity; zabbix; CWE-94] | critical 9.8 |
| 2022-12-05 | CVE-2022-43516 | A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI). [network; low complexity; zabbix; microsoft] | critical 9.8 |
| 2022-12-05 | CVE-2022-43515 | Incorrect Authorization vulnerability in Zabbix Frontend. Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. [network; low complexity; zabbix; CWE-863] | critical 9.8 |
| 2022-01-06 | CVE-2022-22704 | Missing Initialization of Resource vulnerability in Zabbix Zabbix-Agent2. The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. [network; low complexity; zabbix; CWE-909] | critical 9.8 |
| 2019-10-09 | CVE-2019-17382 | Authorization Bypass Through User-Controlled Key vulnerability in Zabbix. An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. [network; low complexity; zabbix; CWE-639] | critical 9.1 |
| 2009-12-31 | CVE-2009-4502 | Permissions, Privileges, and Access Controls vulnerability in Zabbix. The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. [network; zabbix; freebsd; sun; CWE-264] | critical 9.3 |
| 2007-01-31 | CVE-2007-0640 | Buffer Overflow vulnerability in Zabbix. Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." [network; low complexity; zabbix] | critical 10.0 |