CVE-2023-32728
- EPSS 0.53%
- Veröffentlicht 18.12.2023 10:15:07
- Zuletzt bearbeitet 21.11.2024 08:03:55
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.
CVE-2023-29453
- EPSS 0.43%
- Veröffentlicht 12.10.2023 06:15:13
- Zuletzt bearbeitet 21.11.2024 07:57:05
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template li...
CVE-2022-46768
- EPSS 9.24%
- Veröffentlicht 15.12.2022 07:15:09
- Zuletzt bearbeitet 21.11.2024 07:31:01
Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.
- EPSS 0.42%
- Veröffentlicht 06.01.2022 05:15:09
- Zuletzt bearbeitet 21.11.2024 06:47:17
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.