VYPR

Vendor CVEs

Zabbix

All CVEs

123 total · sorted by risk
  • CVE-2024-42332Nov 27, 2024
    risk 0.00cvss epss 0.01

    The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth…

  • CVE-2024-42331Nov 27, 2024
    risk 0.00cvss epss 0.00

    In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can…

  • CVE-2024-42330Nov 27, 2024
    risk 0.00cvss epss 0.01

    The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create…

  • CVE-2024-42329Nov 27, 2024
    risk 0.00cvss epss 0.00

    The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result…

  • CVE-2024-42328Nov 27, 2024
    risk 0.00cvss epss 0.00

    When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt…

  • CVE-2024-42326Nov 27, 2024
    risk 0.00cvss epss 0.00

    There was discovered a use after free bug in browser.c in the es_browser_get_variant function

  • CVE-2024-36468Nov 27, 2024
    risk 0.00cvss epss 0.01

    The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking.

  • CVE-2024-36467Nov 27, 2024
    risk 0.00cvss epss 0.01

    An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having…

  • CVE-2024-36463Nov 26, 2024
    risk 0.00cvss epss 0.01

    The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects.

  • CVE-2024-22117Nov 26, 2024
    risk 0.00cvss epss 0.00

    When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value…

  • CVE-2024-22123Aug 9, 2024
    risk 0.00cvss epss 0.01

    Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken…

  • CVE-2024-22116Aug 9, 2024
    risk 0.00cvss epss 0.02

    An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising…

  • CVE-2024-22114Aug 9, 2024
    risk 0.00cvss epss 0.01

    User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.

  • CVE-2024-36462Aug 9, 2024
    risk 0.00cvss epss 0.01

    Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service (DoS) attack or degrade the performance…

  • CVE-2024-36461Aug 9, 2024
    risk 0.00cvss epss 0.01

    Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.

  • CVE-2024-36460Aug 9, 2024
    risk 0.00cvss epss 0.01

    The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.

  • CVE-2024-22122Aug 9, 2024
    risk 0.00cvss epss 0.02

    Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT…

  • CVE-2024-22121Aug 9, 2024
    risk 0.00cvss epss 0.00

    A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.

  • CVE-2024-22119Feb 9, 2024
    risk 0.00cvss epss 0.01

    The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.

  • CVE-2023-32728Dec 18, 2023
    risk 0.00cvss epss 0.01

    The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.

  • CVE-2023-32727Dec 18, 2023
    risk 0.00cvss epss 0.01

    An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.

  • CVE-2023-32726Dec 18, 2023
    risk 0.00cvss epss 0.01

    The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.

  • CVE-2023-32725Dec 18, 2023
    risk 0.00cvss epss 0.01

    The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.

  • CVE-2023-32724Oct 12, 2023
    risk 0.00cvss epss 0.01

    Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.

  • CVE-2023-32723Oct 12, 2023
    risk 0.00cvss epss 0.01

    Request to LDAP is sent before user permissions are checked.

  • CVE-2023-32722Oct 12, 2023
    risk 0.00cvss epss 0.01

    The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.

  • CVE-2023-32721Oct 12, 2023
    risk 0.00cvss epss 0.01

    A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.

  • CVE-2023-29453Oct 12, 2023
    risk 0.00cvss epss 0.01

    Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the…

  • CVE-2023-29457Jul 13, 2023
    risk 0.00cvss epss 0.01

    Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts.

  • CVE-2023-29458Jul 13, 2023
    risk 0.00cvss epss 0.01

    Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.

  • CVE-2023-29456Jul 13, 2023
    risk 0.00cvss epss 0.00

    URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.

  • CVE-2023-29455Jul 13, 2023
    risk 0.00cvss epss 0.01

    Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of…

  • CVE-2023-29454Jul 13, 2023
    risk 0.00cvss epss 0.00

    Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the…

  • CVE-2023-29452Jul 13, 2023
    risk 0.00cvss epss 0.62

    Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.

  • CVE-2023-29451Jul 13, 2023
    risk 0.00cvss epss 0.01

    Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.

  • CVE-2023-29450Jul 13, 2023
    risk 0.00cvss epss 0.01

    JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.

  • CVE-2023-29449Jul 13, 2023
    risk 0.00cvss epss 0.01

    JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should…

  • CVE-2022-46768Dec 19, 2022
    risk 0.00cvss epss 0.48

    Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.

  • CVE-2022-43515Dec 12, 2022
    risk 0.00cvss epss 0.01

    Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be…

  • CVE-2022-43516Dec 12, 2022
    risk 0.00cvss epss 0.01

    A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)

  • CVE-2022-40626Sep 14, 2022
    risk 0.00cvss epss 0.01

    An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.

  • CVE-2022-35230Jul 6, 2022
    risk 0.00cvss epss 0.01

    An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

  • CVE-2022-35229Jul 6, 2022
    risk 0.00cvss epss 0.01

    An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

  • CVE-2022-24919Mar 9, 2022
    risk 0.00cvss epss 0.01

    An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code…

  • CVE-2022-24917Mar 9, 2022
    risk 0.00cvss epss 0.01

    An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious…

  • CVE-2022-24349Mar 9, 2022
    risk 0.00cvss epss 0.01

    An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to…

  • CVE-2021-46088Jan 27, 2022
    risk 0.00cvss epss 0.04

    Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user.

  • CVE-2022-23133Jan 13, 2022
    risk 0.00cvss epss 0.01

    An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire…

  • CVE-2022-23132Jan 13, 2022
    risk 0.00cvss epss 0.01

    During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level

  • CVE-2022-22704Jan 6, 2022
    risk 0.00cvss epss 0.01

    The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.