from 0, < 1:6.0.7+dfsg-2
from 0, < 1:3.0.32+dfsg-0+deb9u2
CRITICAL9.9A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this v…
from 0
CRITICAL9.8The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulne…
from 0
CRITICAL9.8Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected.
from 0
CRITICAL9.8Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it.
from 0, < 1:5.0.44+dfsg-1+deb11u1
CRITICAL9.8Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
from 0, < 1:4.0.0+dfsg-1
CRITICAL9.8A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a r…
from 0, < 1:2.0.7+dfsg-1
CRITICAL9.8Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
from 0, < 1:2.0.8+dfsg-2
CRITICAL9.8XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2…
from 0, < 1:2.2.5+dfsg-1
CRITICAL9.8zabbix - security update
from 0, < 1:3.0.4+dfsg-1
CRITICAL9.8zabbix - security update
from 0, < 1:2.2.7+dfsg-2+deb8u2
CRITICAL9.1The HttpRequest object allows to get the HTTP headers from the server's response after sending the request.
from 0, < 1:5.0.45+dfsg-1+deb11u1
CRITICAL9.1Zabbix allows to configure SMS notifications.
from 0, < 1:5.0.44+dfsg-1+deb11u1
CRITICAL9.1Request to LDAP is sent before user permissions are checked.
from 0, < 1:5.0.0+dfsg-1
CRITICAL9.1An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4.
from 0, < 1:5.0.0+dfsg-1
HIGH8.8A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute…
from 0, < 1:7.0.9+dfsg-1
HIGH8.8A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.
from 0
HIGH8.8An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endp…
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH8.8The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of obje…
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH8.8Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH8.8Zabbix server can perform command execution for configured scripts.
from 0
HIGH8.8The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports.
from 0
HIGH8.8Memory pointer is in a property of the Ducktape object.
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH8.8In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControl…
from 0, < 1:5.0.8+dfsg-1
HIGH8.2The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code.
from 0, < 1:7.0.3+dfsg-1
HIGH8.1An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API.
from 0
HIGH8.1The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH8.1The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH8.1zabbix - security update
from 0, < 1:3.0.7+dfsg-3
HIGH8.1zabbix - security update
from 0, < 1:2.2.7+dfsg-2+deb8u3
HIGH8.1The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0…
from 0, < 1:3.0.3+dfsg-1
HIGH7.8The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH7.5Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memo…
from 0, < 1:7.0.1+dfsg-1
HIGH7.5Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint.
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH7.5Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.
from 0
HIGH7.5JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on th…
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH7.5zabbix - security update
from 0, < 1:5.0.0+dfsg-1
HIGH7.5zabbix - security update
from 0, < 1:4.0.4+dfsg-1+deb10u2
HIGH7.3zabbix - security update
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH7.3zabbix - security update
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH7.2A Zabbix adminitrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field.
from 0
HIGH7.2An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section.
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH7.2An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to exec…
from 0, < 1:5.0.44+dfsg-1+deb11u1
HIGH7.0In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in data…
from 0, < 1:3.0.7+dfsg-3
MEDIUM6.5An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted par…
from 0
MEDIUM6.5A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view.
from 0
MEDIUM6.5Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion.
from 0, < 1:5.0.46+dfsg-1+deb11u1
MEDIUM6.1Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser.
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM6.1Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim…
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM6.1An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated us…
from 0, < 1:6.0.7+dfsg-2
MEDIUM6.1zabbix - security update
from 0, < 1:3.0.7+dfsg-3+deb9u1
MEDIUM6.1zabbix - security update
from 0, < 1:5.0.2+dfsg-1
MEDIUM6.1zabbix - security update
from 0, < 1:2.2.23+dfsg-0+deb8u1
MEDIUM6.1zabbix - security update
from 0, < 1:3.0.17+dfsg-1
MEDIUM6.1zabbix - security update
from 0, < 1:3.0.31+dfsg-0+deb9u1
MEDIUM5.9Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053.
from 0, < 1:6.0.13+dfsg-1
MEDIUM5.5When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_…
from 0, < 1:7.0.5+dfsg-1
MEDIUM5.4The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter.
from 0, < 1:5.0.46+dfsg-1+deb11u1
MEDIUM5.4zabbix - security update
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM5.4zabbix - security update
from 0, < 1:4.0.4+dfsg-1+deb10u5
MEDIUM5.4zabbix - security update
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM5.4zabbix - security update
from 0, < 1:4.0.4+dfsg-1+deb10u4
MEDIUM5.4URL validation scheme receives input from a user and then parses it to identify its various components.
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM5.4Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then th…
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM5.4Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when sel…
from 0
MEDIUM5.4An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users.
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM5.4An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users.
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM5.4An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users.
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM5.3zabbix - security update
from 0, < 1:3.0.32+dfsg-0+deb9u1
MEDIUM5.3zabbix - security update
from 0, < 1:5.0.7+dfsg-1
MEDIUM5.3zabbix - security update
from 0, < 1:4.0.4+dfsg-1+deb10u1
MEDIUM4.9The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP s…
from 0
MEDIUM4.9JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization.
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM4.4There was discovered a use after free bug in browser.c in the es_browser_get_variant function
from 0, < 1:7.0.5+dfsg-1
MEDIUM4.4An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users.
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM4.4An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users.
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM4.4An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users.
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM4.4zabbix - security update
from 0, < 1:3.0.32+dfsg-0+deb9u3
MEDIUM4.4zabbix - security update
from 0, < 1:5.0.44+dfsg-1+deb11u1
MEDIUM4.3A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and there…
from 0
MEDIUM4.3User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global V…
from 0, < 1:5.0.44+dfsg-1+deb11u1
LOW3.7The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of info…
from 0, < 1:5.0.45+dfsg-1+deb11u1
LOW3.7An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X.
from 0, < 1:4.0.0+dfsg-1
LOW3.5Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to th…
from 0, < 1:7.0.22+dfsg-1~deb13u1
LOW3.5Zabbix API user.get returns all users that share common group with the calling user.
from 0, < 1:5.0.46+dfsg-1+deb11u1
LOW3.3In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine.
from 0, < 1:5.0.45+dfsg-1+deb11u1
LOW3.3The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails.
from 0, < 1:7.0.5+dfsg-1
LOW3.1zabbix - security update
from 0, < 1:5.0.46+dfsg-1+deb11u1
LOW3.1zabbix - security update
from 0, < 1:5.0.46+dfsg-1+deb11u1
LOW2.7zabbix - security update
from 0, < 1:5.0.45+dfsg-1+deb11u1
LOW2.7zabbix - security update
from 0, < 1:5.0.45+dfsg-1+deb11u1
LOW2.7The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmed…
from 0, < 1:5.0.45+dfsg-1+deb11u1
LOW2.7Setting SMS media allows to set GSM modem file.
from 0, < 1:5.0.44+dfsg-1+deb11u1
LOW2.2When a URL is added to the map element, it is recorded in the database with sequential IDs.
from 0, < 1:5.0.44+dfsg-1+deb11u1
—The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enab…
from 0
—A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter.
from 0
—An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that open…
from 0
—Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon.
from 0
—A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execu…
from 0