Vulnerabilities > Zabbix > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-32728 | Code Injection vulnerability in Zabbix Zabbix-Agent2 The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. | 9.8 |
| 2023-10-12 | CVE-2023-32723 | Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix Request to LDAP is sent before user permissions are checked. | 9.1 |
| 2023-10-12 | CVE-2023-29453 | Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0 Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. | 9.8 |
| 2022-12-05 | CVE-2022-43516 | A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI) | 9.8 |
| 2022-12-05 | CVE-2022-43515 | Incorrect Authorization vulnerability in Zabbix Frontend Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. | 9.8 |
| 2022-01-13 | CVE-2022-23131 | Authentication Bypass by Spoofing vulnerability in Zabbix In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. | 9.8 |
| 2022-01-06 | CVE-2022-22704 | Missing Initialization of Resource vulnerability in Zabbix Zabbix-Agent2 The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. | 9.8 |
| 2020-10-07 | CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | 9.8 |
| 2020-02-17 | CVE-2013-3738 | Improper Input Validation vulnerability in Zabbix 2.0.6 A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | 9.8 |
| 2019-12-11 | CVE-2013-5743 | SQL Injection vulnerability in Zabbix Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. | 9.8 |