Vulnerabilities > Zabbix > Zabbix > 6.0.16

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2024-22114 Improper Preservation of Permissions vulnerability in Zabbix
User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.
network
low complexity
zabbix CWE-281
4.3
2024-08-12 CVE-2024-22121 Improper Preservation of Permissions vulnerability in Zabbix
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.
local
low complexity
zabbix CWE-281
6.1
2024-08-12 CVE-2024-22122 Command Injection vulnerability in Zabbix
Zabbix allows to configure SMS notifications.
network
low complexity
zabbix CWE-77
critical
9.1
2024-08-12 CVE-2024-22123 Code Injection vulnerability in Zabbix
Setting SMS media allows to set GSM modem file.
network
low complexity
zabbix CWE-94
2.7
2024-08-12 CVE-2024-36460 Insufficiently Protected Credentials vulnerability in Zabbix
The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.
network
low complexity
zabbix CWE-522
8.1
2024-08-12 CVE-2024-36461 Unspecified vulnerability in Zabbix
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.
network
low complexity
zabbix
8.8
2024-02-09 CVE-2024-22119 Cross-site Scripting vulnerability in Zabbix
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.
network
low complexity
zabbix CWE-79
5.4
2023-10-12 CVE-2023-32721 Cross-site Scripting vulnerability in Zabbix
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.
network
low complexity
zabbix CWE-79
5.4
2023-10-12 CVE-2023-32722 Out-of-bounds Write vulnerability in Zabbix
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
local
low complexity
zabbix CWE-787
7.8
2023-10-12 CVE-2023-32724 Incorrect Permission Assignment for Critical Resource vulnerability in Zabbix
Memory pointer is in a property of the Ducktape object.
network
low complexity
zabbix CWE-732
8.8