Filtered by vendor Zabbix
Subscribe
Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-5049 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter. | |||||
| CVE-2009-4500 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 5.0 MEDIUM | N/A |
| The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference. | |||||
| CVE-2009-4498 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 6.8 MEDIUM | N/A |
| The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | |||||
| CVE-2007-0640 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." | |||||
| CVE-2006-6693 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. | |||||
| CVE-2009-4502 | 3 Freebsd, Sun, Zabbix | 3 Freebsd, Solaris, Zabbix | 2025-04-09 | 9.3 HIGH | N/A |
| The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses. | |||||
| CVE-2008-1353 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 4.3 MEDIUM | N/A |
| zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero. | |||||
| CVE-2007-6210 | 1 Zabbix | 1 Zabbix Agentd | 2025-04-09 | 2.1 LOW | N/A |
| zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges. | |||||
| CVE-2006-6692 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog. | |||||
| CVE-2009-4499 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c. | |||||
| CVE-2009-4501 | 1 Zabbix | 1 Zabbix | 2025-04-09 | 5.0 MEDIUM | N/A |
| The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword. | |||||
| CVE-2022-23134 | 3 Debian, Fedoraproject, Zabbix | 3 Debian Linux, Fedora, Zabbix | 2025-03-12 | 5.0 MEDIUM | 3.7 LOW |
| After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. | |||||
| CVE-2022-23131 | 1 Zabbix | 1 Zabbix | 2025-03-12 | 5.1 MEDIUM | 9.1 CRITICAL |
| In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default). | |||||
| CVE-2023-29456 | 1 Zabbix | 1 Frontend | 2025-02-13 | N/A | 5.7 MEDIUM |
| URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards. | |||||
| CVE-2023-29454 | 1 Zabbix | 1 Frontend | 2025-02-13 | N/A | 5.4 MEDIUM |
| Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages. | |||||
| CVE-2024-22122 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 3.0 LOW |
| Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem. | |||||
| CVE-2024-22123 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 2.7 LOW |
| Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI. | |||||
| CVE-2024-22121 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 6.1 MEDIUM |
| A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application. | |||||
| CVE-2024-36462 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 7.5 HIGH |
| Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service (DoS) attack or degrade the performance of the affected system. | |||||
| CVE-2024-36461 | 1 Zabbix | 1 Zabbix | 2024-12-10 | N/A | 9.1 CRITICAL |
| Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. | |||||