Vulnerabilities > Zabbix > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-03 CVE-2021-27927 Cross-Site Request Forgery (CSRF) vulnerability in Zabbix
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism.
network
low complexity
zabbix CWE-352
8.8
2020-02-07 CVE-2013-3628 Injection vulnerability in Zabbix 2.0.9
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
network
low complexity
zabbix CWE-74
8.8
2019-11-30 CVE-2013-7484 Inadequate Encryption Strength vulnerability in Zabbix 2.0.8/4.4.0
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
network
low complexity
zabbix CWE-326
7.5
2018-04-20 CVE-2017-2825 In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes.
network
high complexity
zabbix debian
7.0
2017-05-24 CVE-2017-2824 OS Command Injection vulnerability in Zabbix
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X.
network
high complexity
zabbix CWE-78
8.1
2017-01-23 CVE-2016-4338 SQL Injection vulnerability in Zabbix
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
network
high complexity
zabbix CWE-89
8.1