Vulnerabilities > Zabbix > Zabbix Agent2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-18 | CVE-2023-32728 | Code Injection vulnerability in Zabbix Zabbix-Agent2 The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. | 9.8 |
2023-10-12 | CVE-2023-29453 | Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0 Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. | 9.8 |
2022-12-15 | CVE-2022-46768 | Improper Input Validation vulnerability in Zabbix web Service Report Generation and Zabbix-Agent2 Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. | 5.9 |
2022-01-06 | CVE-2022-22704 | Missing Initialization of Resource vulnerability in Zabbix Zabbix-Agent2 The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. | 9.8 |