Vulnerabilities > Zabbix > Zabbix Agent2 > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-32728 | Code Injection vulnerability in Zabbix Zabbix-Agent2 The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. | 9.8 |
| 2023-10-12 | CVE-2023-29453 | Code Injection vulnerability in Zabbix Zabbix-Agent2 5.0.0/6.0.0/6.4.0 Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. | 9.8 |
| 2022-01-06 | CVE-2022-22704 | Missing Initialization of Resource vulnerability in Zabbix Zabbix-Agent2 The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. | 9.8 |