Vulnerabilities > Zabbix > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-32725 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Zabbix Frontend and Zabbix Server The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. | 8.8 |
| 2023-12-18 | CVE-2023-32726 | Improper Check for Unusual or Exceptional Conditions vulnerability in Zabbix Zabbix-Agent The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server. | 8.1 |
| 2023-12-18 | CVE-2023-32727 | Improper Input Validation vulnerability in Zabbix Server 6.0.22/6.4.7/7.0.0 An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server. | 7.2 |
| 2023-10-12 | CVE-2023-32722 | Out-of-bounds Write vulnerability in Zabbix The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. | 7.8 |
| 2023-10-12 | CVE-2023-32724 | Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix Memory pointer is in a property of the Ducktape object. | 8.8 |
| 2023-07-13 | CVE-2023-29451 | Out-of-bounds Write vulnerability in Zabbix Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. | 7.5 |
| 2023-07-13 | CVE-2023-29458 | Improper Validation of Array Index vulnerability in Zabbix 5.0.34/6.0.17/6.4.2 Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. | 7.5 |
| 2023-07-13 | CVE-2023-29450 | Files or Directories Accessible to External Parties vulnerability in Zabbix JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. | 7.5 |
| 2022-01-27 | CVE-2021-46088 | Unspecified vulnerability in Zabbix Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). | 7.2 |
| 2022-01-13 | CVE-2022-23132 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. | 7.3 |