CVE-2023-32728
- EPSS 0.53%
- Published 18.12.2023 10:15:07
- Last modified 21.11.2024 08:03:55
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.
CVE-2023-29453
- EPSS 0.43%
- Published 12.10.2023 06:15:13
- Last modified 21.11.2024 07:57:05
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template li...
CVE-2022-46768
- EPSS 9.24%
- Published 15.12.2022 07:15:09
- Last modified 21.11.2024 07:31:01
Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.
- EPSS 0.42%
- Published 06.01.2022 05:15:09
- Last modified 21.11.2024 06:47:17
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.