Zabbix : Security Vulnerabilities, CVEs, (Denial of service) CVSS score >= 4
zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device.
Max CVSS
5.0
EPSS Score
0.25%
Published
2011-08-19
Updated
2017-08-29
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.
Max CVSS
5.0
EPSS Score
0.26%
Published
2009-12-31
Updated
2010-01-01
The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference.
Max CVSS
5.0
EPSS Score
0.23%
Published
2009-12-31
Updated
2010-01-12
zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.
Max CVSS
4.3
EPSS Score
6.87%
Published
2008-03-17
Updated
2018-10-11
Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions.
Max CVSS
7.5
EPSS Score
0.78%
Published
2006-12-21
Updated
2011-03-08
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.
Max CVSS
7.5
EPSS Score
0.82%
Published
2006-12-21
Updated
2011-03-08
6 vulnerabilities found