Vulnerabilities > Zabbix > Zabbix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-07 | CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | 7.5 |
| 2020-07-17 | CVE-2020-15803 | Cross-site Scripting vulnerability in multiple products Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. | 6.1 |
| 2020-02-17 | CVE-2013-3738 | Improper Input Validation vulnerability in Zabbix 2.0.6 A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | 7.5 |
| 2020-02-07 | CVE-2013-3628 | Injection vulnerability in Zabbix 2.0.9 Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability | 6.5 |
| 2019-12-11 | CVE-2013-5743 | SQL Injection vulnerability in Zabbix Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. | 7.5 |
| 2019-11-30 | CVE-2013-7484 | Inadequate Encryption Strength vulnerability in Zabbix 2.0.8/4.4.0 Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | 7.5 |
| 2019-10-09 | CVE-2019-17382 | Authorization Bypass Through User-Controlled Key vulnerability in Zabbix An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. | 9.1 |
| 2019-08-17 | CVE-2019-15132 | Information Exposure vulnerability in multiple products Zabbix through 4.4.0alpha1 allows User Enumeration. | 5.0 |
| 2019-02-17 | CVE-2016-10742 | Open Redirect vulnerability in multiple products Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. | 5.8 |
| 2018-04-20 | CVE-2017-2825 | Man in the Middle Security Bypass vulnerability in Zabbix Proxy Server In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. | 6.8 |