Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.
Max CVSS
9.1
EPSS Score
0.05%
Published
2023-10-12
Updated
2023-10-17
Request to LDAP is sent before user permissions are checked.
Max CVSS
9.1
EPSS Score
0.09%
Published
2023-10-12
Updated
2024-01-24
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
Max CVSS
9.6
EPSS Score
0.21%
Published
2023-10-12
Updated
2023-10-17
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-12-05
Updated
2022-12-07

CVE-2022-23131

Known exploited
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Max CVSS
9.8
EPSS Score
97.19%
Published
2022-01-13
Updated
2022-01-19
CISA KEV Added
2022-02-22
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
Max CVSS
9.8
EPSS Score
2.26%
Published
2020-10-07
Updated
2022-01-01
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
Max CVSS
9.1
EPSS Score
31.41%
Published
2019-10-09
Updated
2023-08-22

CVE-2016-10134

Public exploit
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
Max CVSS
9.8
EPSS Score
5.37%
Published
2017-02-17
Updated
2017-11-04
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
Max CVSS
9.8
EPSS Score
2.43%
Published
2018-02-01
Updated
2018-02-21

CVE-2013-5743

Public exploit
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
Max CVSS
9.8
EPSS Score
97.40%
Published
2019-12-11
Updated
2019-12-16
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
Max CVSS
9.8
EPSS Score
1.24%
Published
2020-02-17
Updated
2020-02-20

CVE-2009-4502

Public exploit
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
Max CVSS
9.3
EPSS Score
91.33%
Published
2009-12-31
Updated
2010-01-01
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
Max CVSS
10.0
EPSS Score
0.53%
Published
2007-01-31
Updated
2017-07-29
13 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!