Information on source package zabbix

Available versions

| Release | Version |
|---|---|
| bullseye | 1:5.0.8+dfsg-1 |
| bullseye (security) | 1:5.0.45+dfsg-1+deb11u1 |
| bookworm | 1:6.0.14+dfsg-1 |
| trixie | 1:7.0.6+dfsg-1 |
| sid | 1:7.0.6+dfsg-1 |

Open issues

| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2024-42333 | fixed | vulnerable | fixed | fixed | The researcher is showing that it is possible to leak a small amount o ... |
| CVE-2024-42332 | fixed | vulnerable | fixed | fixed | The researcher is showing that due to the way the SNMP trap log is par ... |
| CVE-2024-42331 | fixed | vulnerable | fixed | fixed | In the src/libs/zbxembed/browser.c file, the es_browser_ctor method re ... |
| CVE-2024-42330 | fixed | vulnerable | fixed | fixed | The HttpRequest object allows to get the HTTP headers from the server' ... |
| CVE-2024-42328 | fixed | fixed | vulnerable | vulnerable | When the webdriver for the Browser object downloads data from a HTTP s ... |
| CVE-2024-42327 | fixed | vulnerable | fixed | fixed | A non-admin user account on the Zabbix frontend with the default User ... |
| CVE-2024-36467 | fixed | vulnerable | fixed | fixed | An authenticated user with API access (e.g.: user with default User ro ... |
| CVE-2024-36466 | fixed | vulnerable | fixed | fixed | A bug in the code allows an attacker to sign a forged zbx_session cook ... |
| CVE-2024-36464 | fixed | vulnerable | vulnerable | vulnerable | When exporting media types, the password is exported in the YAML in pl ... |
| CVE-2024-36463 | fixed | vulnerable | fixed | fixed | The implementation of atob in "Zabbix JS" allows to create a string wi ... |
| CVE-2024-36461 | fixed | vulnerable | fixed | fixed | Within Zabbix, users have the ability to directly modify memory pointe ... |
| CVE-2024-36460 | fixed | vulnerable | fixed | fixed | The front-end audit log allows viewing of unprotected plaintext passwo ... |
| CVE-2024-22123 | fixed | vulnerable | fixed | fixed | Setting SMS media allows to set GSM modem file. Later this file is use ... |
| CVE-2024-22122 | fixed | vulnerable | fixed | fixed | Zabbix allows to configure SMS notifications. AT command injection occ ... |
| CVE-2024-22120 | fixed | vulnerable | fixed | fixed | Zabbix server can perform command execution for configured scripts. Af ... |
| CVE-2024-22119 | fixed | vulnerable | fixed | fixed | The cause of vulnerability is improper validation of form input field ... |
| CVE-2024-22117 | fixed | vulnerable | fixed | fixed | When a URL is added to the map element, it is recorded in the database ... |
| CVE-2024-22116 | fixed | vulnerable | fixed | fixed | An administrator with restricted permissions can exploit the script ex ... |
| CVE-2024-22114 | fixed | vulnerable | fixed | fixed | User with no permission to any of the Hosts can access and view host c ... |
| CVE-2023-32728 | fixed | vulnerable | fixed | fixed | The Zabbix Agent 2 item key smart.disk.get does not sanitize its param ... |
| CVE-2023-32727 | fixed | vulnerable | fixed | fixed | An attacker who has the privilege to configure Zabbix items can use fu ... |
| CVE-2023-32726 | fixed | vulnerable | fixed | fixed | The vulnerability is caused by improper check for check if RDLENGTH do ... |
| CVE-2023-32725 | fixed | vulnerable | fixed | fixed | The website configured in the URL widget will receive a session cookie ... |
| CVE-2023-32724 | fixed | vulnerable | fixed | fixed | Memory pointer is in a property of the Ducktape object. This leads to ... |
| CVE-2023-32722 | fixed | vulnerable (no DSA) | fixed | fixed | The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow ... |
| CVE-2023-32721 | fixed | vulnerable (no DSA) | fixed | fixed | A stored XSS has been found in the Zabbix web application in the Maps ... |
| CVE-2023-29458 | fixed | vulnerable (no DSA) | fixed | fixed | Duktape is an 3rd-party embeddable JavaScript engine, with a focus on ... |
| CVE-2023-29457 | fixed | vulnerable (no DSA) | fixed | fixed | Reflected XSS attacks, occur when a malicious script is reflected off ... |
| CVE-2023-29456 | fixed | vulnerable (no DSA) | fixed | fixed | URL validation scheme receives input from a user and then parses it to ... |
| CVE-2023-29455 | fixed | vulnerable (no DSA) | fixed | fixed | Reflected XSS attacks, also known as non-persistent attacks, occur whe ... |
| CVE-2023-29454 | fixed | vulnerable (no DSA) | fixed | fixed | Stored or persistent cross-site scripting (XSS) is a type of XSS where ... |
| CVE-2023-29452 | fixed | vulnerable (no DSA) | fixed | fixed | Currently, geomap configuration (Administration -> General -> Geograph ... |
| CVE-2023-29451 | fixed | vulnerable (no DSA) | fixed | fixed | Specially crafted string can cause a buffer overrun in the JSON parser ... |
| CVE-2023-29450 | fixed | vulnerable (no DSA) | fixed | fixed | JavaScript pre-processing can be used by the attacker to gain access t ... |
| CVE-2023-29449 | fixed | vulnerable (no DSA) | fixed | fixed | JavaScript preprocessing, webhooks and global scripts can cause uncont ... |

Open unimportant issues

| Bug | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|
| CVE-2023-29453 | vulnerable | vulnerable | fixed | fixed | Templates do not properly consider backticks (`) as Javascript string ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0391388-A7E978 | zabbix format string vulnerabilities |
| TEMP-0391388-8371AD | zabbix buffer overflows |
| CVE-2024-42329 | The webdriver for the Browser object expects an error object to be ini ... |
| CVE-2024-42326 | There was discovered a use after free bug in browser.c in the es_brows ... |
| CVE-2024-36468 | The reported vulnerability is a stack buffer overflow in the zbx_snmp_ ... |
| CVE-2024-36462 | Uncontrolled resource consumption refers to a software vulnerability w ... |
| CVE-2024-22121 | A non-admin user can change or remove important features within the Za ... |
| CVE-2023-32723 | Request to LDAP is sent before user permissions are checked. |
| CVE-2022-46768 | Arbitrary file read vulnerability exists in Zabbix Web Service Report ... |
| CVE-2022-43516 | A Firewall Rule which allows all incoming TCP connections to all progr ... |
| CVE-2022-43515 | Zabbix Frontend provides a feature that allows admins to maintain the ... |
| CVE-2022-40626 | An unauthenticated user can create a link with reflected Javascript co ... |
| CVE-2022-35230 | An authenticated user can create a link with reflected Javascript code ... |
| CVE-2022-35229 | An authenticated user can create a link with reflected Javascript code ... |
| CVE-2022-24919 | An authenticated user can create a link with reflected Javascript code ... |
| CVE-2022-24918 | An authenticated user can create a link with reflected Javascript code ... |
| CVE-2022-24917 | An authenticated user can create a link with reflected Javascript code ... |
| CVE-2022-24349 | An authenticated user can create a link with reflected XSS payload for ... |
| CVE-2022-23134 | After the initial setup process, some steps of setup.php file are reac ... |
| CVE-2022-23133 | An authenticated user can create a hosts group from the configuration ... |
| CVE-2022-23132 | During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ... |
| CVE-2022-23131 | In the case of instances where the SAML SSO authentication is enabled ... |
| CVE-2021-27927 | In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ... |
| CVE-2020-15803 | Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ... |
| CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote att ... |
| CVE-2019-17382 | An issue was discovered in zabbix.php?action=dashboard.view&dashboardi ... |
| CVE-2019-15132 | Zabbix through 4.4.0alpha1 allows User Enumeration. With login request ... |
| CVE-2017-2826 | An information disclosure vulnerability exists in the iConfig proxy re ... |
| CVE-2017-2825 | In the trapper functionality of Zabbix Server 2.4.x, specifically craf ... |
| CVE-2017-2824 | An exploitable code execution vulnerability exists in the trapper comm ... |
| CVE-2016-10742 | Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before ... |
| CVE-2016-10134 | SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0 ... |
| CVE-2016-4338 | The mysql user parameter configuration script (userparameter_mysql.con ... |
| CVE-2014-9450 | Multiple SQL injection vulnerabilities in chart_bar.php in the fronten ... |
| CVE-2014-3005 | XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21r ... |
| CVE-2014-1685 | The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2 ... |
| CVE-2014-1682 | The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x ... |
| CVE-2013-7484 | Zabbix before 5.0 represents passwords in the users table with unsalte ... |
| CVE-2013-6824 | Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 ... |
| CVE-2013-5743 | Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc ... |
| CVE-2013-5572 | Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bi ... |
| CVE-2013-3738 | A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequat ... |
| CVE-2013-1364 | The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc ... |
| CVE-2012-6086 | libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x befo ... |
| CVE-2012-3435 | SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix ... |
| CVE-2011-5027 | Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allow ... |
| CVE-2011-4674 | SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, an ... |
| CVE-2011-4615 | Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1 ... |
| CVE-2011-3265 | popup.php in Zabbix before 1.8.7 allows remote attackers to read the c ... |
| CVE-2011-3264 | Zabbix before 1.8.6 allows remote attackers to obtain sensitive inform ... |
| CVE-2011-3263 | zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows con ... |
| CVE-2011-2904 | Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix befor ... |
| CVE-2010-5049 | SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier ... |
| CVE-2010-2790 | Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ... |
| CVE-2010-1277 | SQL injection vulnerability in the user.authenticate method in the API ... |
| CVE-2009-4502 | The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, whe ... |
| CVE-2009-4501 | The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Serv ... |
| CVE-2009-4500 | The process_trap function in trapper/trapper.c in Zabbix Server before ... |
| CVE-2009-4499 | SQL injection vulnerability in the get_history_lastid function in the ... |
| CVE-2009-4498 | The node_process_command function in Zabbix Server before 1.8 allows r ... |
| CVE-2008-7220 | Unspecified vulnerability in Prototype JavaScript framework (prototype ... |
| CVE-2008-1353 | zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denia ... |
| CVE-2007-6210 | zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" script ... |
| CVE-2007-0640 | Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack v ... |
| CVE-2006-6693 | Multiple buffer overflows in zabbix before 20061006 allow attackers to ... |
| CVE-2006-6692 | Multiple format string vulnerabilities in zabbix before 20061006 allow ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-3984-1 | zabbix - security update |
| DLA-3909-1 | zabbix - security update |
| DLA-3798-1 | zabbix - security update |
| DLA-3717-1 | zabbix - security update |
| DLA-3538-2 | zabbix - regression update |
| DLA-3538-1 | zabbix - security update |
| DLA-3390-1 | zabbix - security update |
| DLA-2980-1 | zabbix - security update |
| DLA-2914-1 | zabbix - security update |
| DLA-2631-1 | zabbix - security update |
| DLA-2461-1 | zabbix - security update |
| DLA-2311-1 | zabbix - security update |
| DLA-1708-1 | zabbix - security update |
| DSA-3937-1 | zabbix - security update |
| DSA-3802-1 | zabbix - security update |
| DSA-2539-1 | zabbix - SQL injection |
| DSA-1420-1 | zabbix - programming error |
