Vulnerabilities > Zabbix > Zabbix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-09 | CVE-2024-22119 | Cross-site Scripting vulnerability in Zabbix The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | 5.4 |
| 2023-10-12 | CVE-2023-32721 | Cross-site Scripting vulnerability in Zabbix A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. | 5.4 |
| 2023-10-12 | CVE-2023-32722 | Out-of-bounds Write vulnerability in Zabbix The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. | 7.8 |
| 2023-10-12 | CVE-2023-32723 | Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix Request to LDAP is sent before user permissions are checked. | 9.1 |
| 2023-10-12 | CVE-2023-32724 | Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix Memory pointer is in a property of the Ducktape object. | 8.8 |
| 2023-07-13 | CVE-2023-29451 | Out-of-bounds Write vulnerability in Zabbix Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. | 7.5 |
| 2023-07-13 | CVE-2023-29452 | Cross-site Scripting vulnerability in Zabbix Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider. | 5.4 |
| 2023-07-13 | CVE-2023-29458 | Improper Validation of Array Index vulnerability in Zabbix 5.0.34/6.0.17/6.4.2 Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. | 7.5 |
| 2023-07-13 | CVE-2023-29449 | Allocation of Resources Without Limits or Throttling vulnerability in Zabbix JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. | 4.9 |
| 2023-07-13 | CVE-2023-29450 | Files or Directories Accessible to External Parties vulnerability in Zabbix JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. | 7.5 |