Vulnerabilities > Zabbix > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-32725 Reliance on Cookies without Validation and Integrity Checking vulnerability in Zabbix Frontend and Zabbix Server
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports.
network
low complexity
zabbix CWE-565
8.8
2023-12-18 CVE-2023-32726 Improper Check for Unusual or Exceptional Conditions vulnerability in Zabbix Zabbix-Agent
The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.
network
high complexity
zabbix CWE-754
8.1
2023-12-18 CVE-2023-32727 Improper Input Validation vulnerability in Zabbix Server 7.0.0
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.
network
low complexity
zabbix CWE-20
7.2
2023-10-12 CVE-2023-32722 Out-of-bounds Write vulnerability in Zabbix
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
local
low complexity
zabbix CWE-787
7.8
2023-10-12 CVE-2023-32724 Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix
Memory pointer is in a property of the Ducktape object.
network
low complexity
zabbix CWE-732
8.8
2023-07-13 CVE-2023-29451 Out-of-bounds Write vulnerability in Zabbix
Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.
network
low complexity
zabbix CWE-787
7.5
2023-07-13 CVE-2023-29458 Improper Validation of Array Index vulnerability in Zabbix 5.0.34/6.0.17/6.4.2
Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint.
network
low complexity
zabbix CWE-129
7.5
2023-07-13 CVE-2023-29450 Files or Directories Accessible to External Parties vulnerability in Zabbix
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
network
low complexity
zabbix CWE-552
7.5
2022-01-13 CVE-2022-23132 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder.
network
low complexity
zabbix fedoraproject CWE-732
7.3
2020-10-07 CVE-2020-11800 Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
network
low complexity
zabbix opensuse debian
7.5