| Bug | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2024-36461 | fixed | vulnerable | fixed | fixed | Within Zabbix, users have the ability to directly modify memory pointe ... |
| CVE-2024-36460 | fixed | vulnerable | fixed | fixed | The front-end audit log allows viewing of unprotected plaintext passwo ... |
| CVE-2024-22123 | fixed | vulnerable | fixed | fixed | Setting SMS media allows to set GSM modem file. Later this file is use ... |
| CVE-2024-22122 | fixed | vulnerable | fixed | fixed | Zabbix allows to configure SMS notifications. AT command injection occ ... |
| CVE-2024-22120 | fixed | vulnerable | fixed | fixed | Zabbix server can perform command execution for configured scripts. Af ... |
| CVE-2024-22119 | fixed | vulnerable | fixed | fixed | The cause of vulnerability is improper validation of form input field ... |
| CVE-2024-22116 | fixed | vulnerable | fixed | fixed | An administrator with restricted permissions can exploit the script ex ... |
| CVE-2024-22114 | fixed | vulnerable | fixed | fixed | User with no permission to any of the Hosts can access and view host c ... |
| CVE-2023-32728 | fixed | vulnerable | fixed | fixed | The Zabbix Agent 2 item key smart.disk.get does not sanitize its param ... |
| CVE-2023-32727 | fixed | vulnerable | fixed | fixed | An attacker who has the privilege to configure Zabbix items can use fu ... |
| CVE-2023-32726 | fixed | vulnerable | fixed | fixed | The vulnerability is caused by improper check for check if RDLENGTH do ... |
| CVE-2023-32725 | fixed | vulnerable | fixed | fixed | The website configured in the URL widget will receive a session cookie ... |
| CVE-2023-32724 | fixed | vulnerable | fixed | fixed | Memory pointer is in a property of the Ducktape object. This leads to ... |
| CVE-2023-32722 | fixed | vulnerable (no DSA) | fixed | fixed | The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow ... |
| CVE-2023-32721 | fixed | vulnerable (no DSA) | fixed | fixed | A stored XSS has been found in the Zabbix web application in the Maps ... |
| CVE-2023-29458 | fixed | vulnerable (no DSA) | fixed | fixed | Duktape is an 3rd-party embeddable JavaScript engine, with a focus on ... |
| CVE-2023-29457 | fixed | vulnerable (no DSA) | fixed | fixed | Reflected XSS attacks, occur when a malicious script is reflected off ... |
| CVE-2023-29456 | fixed | vulnerable (no DSA) | fixed | fixed | URL validation scheme receives input from a user and then parses it to ... |
| CVE-2023-29455 | fixed | vulnerable (no DSA) | fixed | fixed | Reflected XSS attacks, also known as non-persistent attacks, occur whe ... |
| CVE-2023-29454 | fixed | vulnerable (no DSA) | fixed | fixed | Stored or persistent cross-site scripting (XSS) is a type of XSS where ... |
| CVE-2023-29452 | fixed | vulnerable (no DSA) | fixed | fixed | Currently, geomap configuration (Administration -> General -> Geograph ... |
| CVE-2023-29451 | fixed | vulnerable (no DSA) | fixed | fixed | Specially crafted string can cause a buffer overrun in the JSON parser ... |
| CVE-2023-29450 | fixed | vulnerable (no DSA) | fixed | fixed | JavaScript pre-processing can be used by the attacker to gain access t ... |
| CVE-2023-29449 | fixed | vulnerable (no DSA) | fixed | fixed | JavaScript preprocessing, webhooks and global scripts can cause uncont ... |
| Bug | Description |
|---|
| TEMP-0391388-A7E978 | zabbix format string vulnerabilities |
| TEMP-0391388-8371AD | zabbix buffer overflows |
| CVE-2024-36462 | Uncontrolled resource consumption refers to a software vulnerability w ... |
| CVE-2024-22121 | A non-admin user can change or remove important features within the Za ... |
| CVE-2023-32723 | Request to LDAP is sent before user permissions are checked. |
| CVE-2022-46768 | Arbitrary file read vulnerability exists in Zabbix Web Service Report ... |
| CVE-2022-43516 | A Firewall Rule which allows all incoming TCP connections to all progr ... |
| CVE-2022-43515 | Zabbix Frontend provides a feature that allows admins to maintain the ... |
| CVE-2022-40626 | An unauthenticated user can create a link with reflected Javascript co ... |
| CVE-2022-35230 | An authenticated user can create a link with reflected Javascript code ... |
| CVE-2022-35229 | An authenticated user can create a link with reflected Javascript code ... |
| CVE-2022-24919 | An authenticated user can create a link with reflected Javascript code ... |
| CVE-2022-24918 | An authenticated user can create a link with reflected Javascript code ... |
| CVE-2022-24917 | An authenticated user can create a link with reflected Javascript code ... |
| CVE-2022-24349 | An authenticated user can create a link with reflected XSS payload for ... |
| CVE-2022-23134 | After the initial setup process, some steps of setup.php file are reac ... |
| CVE-2022-23133 | An authenticated user can create a hosts group from the configuration ... |
| CVE-2022-23132 | During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ... |
| CVE-2022-23131 | In the case of instances where the SAML SSO authentication is enabled ... |
| CVE-2021-27927 | In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5 ... |
| CVE-2020-15803 | Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ... |
| CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote att ... |
| CVE-2019-17382 | An issue was discovered in zabbix.php?action=dashboard.view&dashboardi ... |
| CVE-2019-15132 | Zabbix through 4.4.0alpha1 allows User Enumeration. With login request ... |
| CVE-2017-2826 | An information disclosure vulnerability exists in the iConfig proxy re ... |
| CVE-2017-2825 | In the trapper functionality of Zabbix Server 2.4.x, specifically craf ... |
| CVE-2017-2824 | An exploitable code execution vulnerability exists in the trapper comm ... |
| CVE-2016-10742 | Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before ... |
| CVE-2016-10134 | SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0 ... |
| CVE-2016-4338 | The mysql user parameter configuration script (userparameter_mysql.con ... |
| CVE-2014-9450 | Multiple SQL injection vulnerabilities in chart_bar.php in the fronten ... |
| CVE-2014-3005 | XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21r ... |
| CVE-2014-1685 | The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2 ... |
| CVE-2014-1682 | The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x ... |
| CVE-2013-7484 | Zabbix before 5.0 represents passwords in the users table with unsalte ... |
| CVE-2013-6824 | Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 ... |
| CVE-2013-5743 | Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc ... |
| CVE-2013-5572 | Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bi ... |
| CVE-2013-3738 | A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequat ... |
| CVE-2013-1364 | The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc ... |
| CVE-2012-6086 | libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x befo ... |
| CVE-2012-3435 | SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix ... |
| CVE-2011-5027 | Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allow ... |
| CVE-2011-4674 | SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, an ... |
| CVE-2011-4615 | Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1 ... |
| CVE-2011-3265 | popup.php in Zabbix before 1.8.7 allows remote attackers to read the c ... |
| CVE-2011-3264 | Zabbix before 1.8.6 allows remote attackers to obtain sensitive inform ... |
| CVE-2011-3263 | zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows con ... |
| CVE-2011-2904 | Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix befor ... |
| CVE-2010-5049 | SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier ... |
| CVE-2010-2790 | Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ... |
| CVE-2010-1277 | SQL injection vulnerability in the user.authenticate method in the API ... |
| CVE-2009-4502 | The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, whe ... |
| CVE-2009-4501 | The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Serv ... |
| CVE-2009-4500 | The process_trap function in trapper/trapper.c in Zabbix Server before ... |
| CVE-2009-4499 | SQL injection vulnerability in the get_history_lastid function in the ... |
| CVE-2009-4498 | The node_process_command function in Zabbix Server before 1.8 allows r ... |
| CVE-2008-7220 | Unspecified vulnerability in Prototype JavaScript framework (prototype ... |
| CVE-2008-1353 | zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denia ... |
| CVE-2007-6210 | zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" script ... |
| CVE-2007-0640 | Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack v ... |
| CVE-2006-6693 | Multiple buffer overflows in zabbix before 20061006 allow attackers to ... |
| CVE-2006-6692 | Multiple format string vulnerabilities in zabbix before 20061006 allow ... |