The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.
Max CVSS
9.8
EPSS Score
0.13%
Published
2023-12-18
Updated
2023-12-22
The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.
Max CVSS
8.1
EPSS Score
0.06%
Published
2023-12-18
Updated
2024-01-24
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
Max CVSS
9.6
EPSS Score
0.09%
Published
2023-12-18
Updated
2023-12-22
Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.
Max CVSS
9.1
EPSS Score
0.05%
Published
2023-10-12
Updated
2023-10-17
Request to LDAP is sent before user permissions are checked.
Max CVSS
9.1
EPSS Score
0.09%
Published
2023-10-12
Updated
2024-01-24
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
Max CVSS
9.6
EPSS Score
0.21%
Published
2023-10-12
Updated
2023-10-17
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template. Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-10-12
Updated
2023-10-24
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
Max CVSS
8.5
EPSS Score
0.09%
Published
2023-07-13
Updated
2023-08-22
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-12-05
Updated
2022-12-07
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using IP address not listed in the defined range.
Max CVSS
9.8
EPSS Score
0.25%
Published
2022-12-05
Updated
2023-08-22

CVE-2022-23131

Known exploited
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Max CVSS
9.8
EPSS Score
97.19%
Published
2022-01-13
Updated
2022-01-19
CISA KEV Added
2022-02-22
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Max CVSS
10.0
EPSS Score
0.24%
Published
2022-01-06
Updated
2022-01-31
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init() method. An attacker doesn't have to know Zabbix user login credentials, but has to know the correct Zabbix URL and contact information of an existing user with sufficient privileges.
Max CVSS
8.8
EPSS Score
0.07%
Published
2021-03-03
Updated
2023-04-12
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
Max CVSS
9.8
EPSS Score
2.26%
Published
2020-10-07
Updated
2022-01-01
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
Max CVSS
9.1
EPSS Score
31.41%
Published
2019-10-09
Updated
2023-08-22
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
Max CVSS
8.1
EPSS Score
71.58%
Published
2017-05-24
Updated
2019-10-03

CVE-2016-10134

Public exploit
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
Max CVSS
9.8
EPSS Score
5.37%
Published
2017-02-17
Updated
2017-11-04
The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.
Max CVSS
8.1
EPSS Score
2.12%
Published
2017-01-23
Updated
2018-10-09
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
Max CVSS
9.8
EPSS Score
2.43%
Published
2018-02-01
Updated
2018-02-21

CVE-2013-5743

Public exploit
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
Max CVSS
9.8
EPSS Score
97.40%
Published
2019-12-11
Updated
2019-12-16
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
Max CVSS
9.8
EPSS Score
1.24%
Published
2020-02-17
Updated
2020-02-20

CVE-2013-3628

Public exploit
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
Max CVSS
8.8
EPSS Score
94.96%
Published
2020-02-07
Updated
2020-02-10

CVE-2009-4502

Public exploit
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
Max CVSS
9.3
EPSS Score
91.33%
Published
2009-12-31
Updated
2010-01-01
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
Max CVSS
10.0
EPSS Score
0.53%
Published
2007-01-31
Updated
2017-07-29
24 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!