Product:

Zabbix

(Zabbix)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 42
Date Id Summary Products Score Patch Annotated
2020-10-07 CVE-2020-11800 Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. Backports_sle, Leap, Zabbix 9.8
2019-02-17 CVE-2016-10742 Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. Debian_linux, Zabbix 6.1
2020-07-17 CVE-2020-15803 Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. Zabbix N/A
2020-02-17 CVE-2013-3738 A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. Zabbix N/A
2020-02-07 CVE-2013-3628 Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability Zabbix N/A
2019-12-11 CVE-2013-5743 Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. Zabbix N/A
2019-11-30 CVE-2013-7484 Zabbix before 5.0 represents passwords in the users table with unsalted MD5. Zabbix N/A
2019-10-09 CVE-2019-17382 An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. Zabbix N/A
2018-04-20 CVE-2017-2825 In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability. Debian_linux, Zabbix 7.0
2017-05-24 CVE-2017-2824 An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability. Zabbix 8.1