Zabbix

Zabbix

98 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2023-32721

  • EPSS 0.52%
  • Published 12.10.2023 07:15:09
  • Last modified 21.11.2024 08:03:54

A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.

7.5

CVE-2023-29458

  • EPSS 0.08%
  • Published 13.07.2023 10:15:09
  • Last modified 21.11.2024 07:57:05

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we...

5.4

CVE-2023-29452

  • EPSS 1.8%
  • Published 13.07.2023 10:15:09
  • Last modified 21.11.2024 07:57:05

Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.

7.5

CVE-2023-29451

  • EPSS 0.1%
  • Published 13.07.2023 10:15:09
  • Last modified 21.11.2024 07:57:04

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.

7.5

CVE-2023-29450

  • EPSS 0.2%
  • Published 13.07.2023 09:15:09
  • Last modified 21.11.2024 07:57:04

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.

4.9

CVE-2023-29449

  • EPSS 0.45%
  • Published 13.07.2023 09:15:09
  • Last modified 21.11.2024 07:57:04

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Admin...

9.8

CVE-2022-43516

Exploit
  • EPSS 1.09%
  • Published 05.12.2022 20:15:10
  • Last modified 21.11.2024 07:26:41

A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)

6.1

CVE-2022-40626

  • EPSS 1.87%
  • Published 14.09.2022 11:15:53
  • Last modified 21.11.2024 07:21:44

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.

5.4

CVE-2022-35230

  • EPSS 0.43%
  • Published 06.07.2022 11:15:09
  • Last modified 21.11.2024 07:10:56

An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is diffic...

5.4

CVE-2022-35229

  • EPSS 0.5%
  • Published 06.07.2022 11:15:08
  • Last modified 21.11.2024 07:10:56

An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is dif...