Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zabbix
(Zabbix)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 70 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-12 | CVE-2023-32723 | Request to LDAP is sent before user permissions are checked. | Zabbix | 9.1 | ||
| 2023-10-12 | CVE-2023-32724 | Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. | Zabbix | 8.8 | ||
| 2024-02-09 | CVE-2024-22119 | The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | Zabbix | 5.4 | ||
| 2006-12-21 | CVE-2006-6693 | Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. | Zabbix | N/A | ||
| 2006-12-21 | CVE-2006-6692 | Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog. | Zabbix | N/A | ||
| 2010-08-05 | CVE-2010-2790 | Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information. | Zabbix | N/A | ||
| 2019-10-09 | CVE-2019-17382 | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. | Zabbix | 9.1 | ||
| 2019-11-30 | CVE-2013-7484 | Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | Zabbix | 7.5 | ||
| 2019-08-17 | CVE-2019-15132 | Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php. | Debian_linux, Zabbix | 5.3 | ||
| 2020-10-07 | CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | Debian_linux, Backports_sle, Leap, Zabbix | 9.8 |