Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zabbix
(Zabbix)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 70 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-12 | CVE-2023-32721 | A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. | Zabbix | 5.4 | ||
| 2023-10-12 | CVE-2023-32722 | The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. | Zabbix | 7.8 | ||
| 2023-10-12 | CVE-2023-32723 | Request to LDAP is sent before user permissions are checked. | Zabbix | 9.1 | ||
| 2023-10-12 | CVE-2023-32724 | Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. | Zabbix | 8.8 | ||
| 2024-02-09 | CVE-2024-22119 | The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | Zabbix | 5.4 | ||
| 2006-12-21 | CVE-2006-6693 | Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. | Zabbix | N/A | ||
| 2006-12-21 | CVE-2006-6692 | Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog. | Zabbix | N/A | ||
| 2010-08-05 | CVE-2010-2790 | Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information. | Zabbix | N/A | ||
| 2019-10-09 | CVE-2019-17382 | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. | Zabbix | 9.1 | ||
| 2019-11-30 | CVE-2013-7484 | Zabbix before 5.0 represents passwords in the users table with unsalted MD5. | Zabbix | 7.5 |