Vulnerabilities > Zabbix > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2023-12-18 | CVE-2023-32728 | Code Injection vulnerability in Zabbix Zabbix-Agent2 | The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, which may allow remote code execution. | network | low complexity | zabbix | CWE-94 | critical | 9.8 |
| 2023-10-12 | CVE-2023-32723 | Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix | Request to LDAP is sent before user permissions are checked. | network | low complexity | zabbix | CWE-732 | critical | 9.1 |
| 2023-10-12 | CVE-2023-29453 | Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0 | Templates do not properly consider backticks (`) as JavaScript string delimiters, and do not escape them as expected. | network | low complexity | zabbix | CWE-94 | critical | 9.8 |
| 2022-12-05 | CVE-2022-43516 | A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI) | | network | low complexity | zabbix, microsoft | | critical | 9.8 |
| 2022-12-05 | CVE-2022-43515 | Incorrect Authorization vulnerability in Zabbix Frontend | Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. | network | low complexity | zabbix | CWE-863 | critical | 9.8 |
| 2022-01-13 | CVE-2022-23131 | Authentication Bypass by Spoofing vulnerability in Zabbix | In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. | network | low complexity | zabbix | CWE-290 | critical | 9.8 |
| 2022-01-06 | CVE-2022-22704 | Missing Initialization of Resource vulnerability in Zabbix Zabbix-Agent2 | The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. | network | low complexity | zabbix | CWE-909 | critical | 9.8 |
| 2020-10-07 | CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | | network | low complexity | zabbix, opensuse, debian | | critical | 9.8 |
| 2020-02-17 | CVE-2013-3738 | Improper Input Validation vulnerability in Zabbix 2.0.6 | A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | network | low complexity | zabbix | CWE-20 | critical | 9.8 |
| 2019-12-11 | CVE-2013-5743 | SQL Injection vulnerability in Zabbix | Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. | network | low complexity | zabbix | CWE-89 | critical | 9.8 |