rpm package
opensuse/zabbix&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/zabbix&distro=openSUSE%20Leap%2015.3
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-4126 | — | | | < 4.0.38-bp153.2.3.1 | 4.0.38-bp153.2.3.1 | Dec 22, 2022 | When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression |
| CVE-2022-23134 | — | | KEV | < 4.0.37-lp153.2.3.1 | 4.0.37-lp153.2.3.1 | Jan 13, 2022 | After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. |
| CVE-2021-44538 | — | | | < 4.0.38-bp153.2.3.1 | 4.0.38-bp153.2.3.1 | Dec 14, 2021 | The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the channel. Attackers can cons |
| CVE-2021-27927 | — | | | < 4.0.37-lp153.2.3.1 | 4.0.37-lp153.2.3.1 | Mar 3, 2021 | In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the in |
| CVE-2020-15803 | — | | | < 4.0.37-lp153.2.3.1 | 4.0.37-lp153.2.3.1 | Jul 17, 2020 | Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. |