ReportizFlow
Filtered by vendor Zabbix
Subscriptions
Filtered by product Zabbix
Subscriptions
Total
73 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4499 | 1 Zabbix | 1 Zabbix | 2025-04-09 | N/A |
| SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c. | ||||
| CVE-2009-4501 | 1 Zabbix | 1 Zabbix | 2025-04-09 | N/A |
| The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword. | ||||
| CVE-2009-4498 | 1 Zabbix | 1 Zabbix | 2025-04-09 | N/A |
| The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | ||||
| CVE-2009-4500 | 1 Zabbix | 1 Zabbix | 2025-04-09 | N/A |
| The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference. | ||||
| CVE-2007-0640 | 1 Zabbix | 1 Zabbix | 2025-04-09 | N/A |
| Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." | ||||
| CVE-2006-6692 | 1 Zabbix | 1 Zabbix | 2025-04-09 | N/A |
| Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog. | ||||
| CVE-2006-6693 | 1 Zabbix | 1 Zabbix | 2025-04-09 | N/A |
| Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. | ||||
| CVE-2008-1353 | 1 Zabbix | 1 Zabbix | 2025-04-09 | N/A |
| zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero. | ||||
| CVE-2009-4502 | 3 Freebsd, Sun, Zabbix | 3 Freebsd, Solaris, Zabbix | 2025-04-09 | N/A |
| The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses. | ||||
| CVE-2022-23134 | 3 Debian, Fedoraproject, Zabbix | 3 Debian Linux, Fedora, Zabbix | 2025-03-13 | 3.7 Low |
| After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. | ||||
| CVE-2022-23131 | 1 Zabbix | 1 Zabbix | 2025-03-13 | 9.1 Critical |
| In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default). | ||||
| CVE-2024-22119 | 1 Zabbix | 1 Zabbix | 2025-02-13 | 5.5 Medium |
| The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | ||||
| CVE-2023-32723 | 1 Zabbix | 1 Zabbix | 2025-02-13 | 8.5 High |
| Request to LDAP is sent before user permissions are checked. | ||||
| CVE-2023-32721 | 1 Zabbix | 1 Zabbix | 2025-02-13 | 7.6 High |
| A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. | ||||
| CVE-2023-29451 | 1 Zabbix | 1 Zabbix | 2025-02-13 | 4.7 Medium |
| Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. | ||||
| CVE-2023-29450 | 1 Zabbix | 1 Zabbix | 2025-02-13 | 8.5 High |
| JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. | ||||
| CVE-2024-22122 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 3 Low |
| Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem. | ||||
| CVE-2024-22123 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 2.7 Low |
| Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI. | ||||
| CVE-2024-22121 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 6.1 Medium |
| A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application. | ||||
| CVE-2024-36462 | 1 Zabbix | 1 Zabbix | 2024-12-10 | 7.5 High |
| Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service (DoS) attack or degrade the performance of the affected system. | ||||