VYPR

Zabbix Agentd

by Zabbix

CVEs (10)

  • CVE-2025-49642 | Med | Dec 1, 2025
    risk 0.38 | cvss | epss 0.00

    Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.

  • CVE-2025-27233 | Med | Sep 12, 2025
    risk 0.37 | cvss | epss 0.00

    Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.

  • CVE-2026-23927 | Med | May 6, 2026
    risk 0.33 | cvss | epss 0.00

    A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session.

  • CVE-2008-1353 | Mar 17, 2008
    risk 0.03 | cvss | epss 0.06

    zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.

  • CVE-2007-6210 | Dec 4, 2007
    risk 0.03 | cvss | epss 0.01

    zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.

  • CVE-2026-23924 | Mar 24, 2026
    risk 0.00 | cvss | epss 0.00

    Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API.

  • CVE-2024-22121 | Aug 9, 2024
    risk 0.00 | cvss | epss 0.00

    A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.

  • CVE-2023-32728 | Dec 18, 2023
    risk 0.00 | cvss | epss 0.01

    The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in a possible remote code execution vulnerability.

  • CVE-2022-43516 | Dec 12, 2022
    risk 0.00 | cvss | epss 0.01

    A firewall rule that allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI).

  • CVE-2022-22704 | Jan 6, 2022
    risk 0.00 | cvss | epss 0.01

    The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.