Vulnerabilities > Zabbix > Zabbix > 2.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-13 | CVE-2023-29451 | Out-of-bounds Write vulnerability in Zabbix Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. | 7.5 |
| 2023-07-13 | CVE-2023-29449 | Allocation of Resources Without Limits or Throttling vulnerability in Zabbix JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. | 4.9 |
| 2023-07-13 | CVE-2023-29450 | Files or Directories Accessible to External Parties vulnerability in Zabbix JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. | 7.5 |
| 2022-07-06 | CVE-2022-35229 | Cross-site Scripting vulnerability in Zabbix An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. | 5.4 |
| 2022-07-06 | CVE-2022-35230 | Cross-site Scripting vulnerability in Zabbix An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. | 5.4 |
| 2020-10-07 | CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | 9.8 |
| 2020-07-17 | CVE-2020-15803 | Cross-site Scripting vulnerability in multiple products Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. | 6.1 |
| 2019-10-09 | CVE-2019-17382 | Authorization Bypass Through User-Controlled Key vulnerability in Zabbix An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. | 9.1 |
| 2019-08-17 | CVE-2019-15132 | Information Exposure Through Discrepancy vulnerability in multiple products Zabbix through 4.4.0alpha1 allows User Enumeration. | 5.3 |
| 2018-02-01 | CVE-2014-3005 | XXE vulnerability in multiple products XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. | 9.8 |