Known Vulnerabilities for products from Zabbix
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zabbix".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search, to ensure that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-32726 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.1 - HIGH | 2023-12-18 | 2024-01-24 |
| CVE-2023-32724 | Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory acces... | 8.8 - HIGH | 2023-10-12 | 2023-10-17 |
| CVE-2023-32723 | Request to LDAP is sent before user permissions are checked. | 9.1 - CRITICAL | 2023-10-12 | 2024-01-24 |
| CVE-2023-32722 | The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. | 7.8 - HIGH | 2023-10-12 | 2023-10-17 |
| CVE-2023-32721 | A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. | 5.4 - MEDIUM | 2023-10-12 | 2024-01-24 |
| CVE-2023-30958 | A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's C... | 6.1 - MEDIUM | 2023-08-03 | 2023-11-07 |
| CVE-2023-29458 | Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many... | 7.5 - HIGH | 2023-07-13 | 2023-07-25 |
| CVE-2023-29457 | Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script c... | 6.1 - MEDIUM | 2023-07-13 | 2023-08-22 |
| CVE-2023-29456 | URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme... | 5.4 - MEDIUM | 2023-07-13 | 2023-08-22 |
| CVE-2023-29455 | Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application... | 6.1 - MEDIUM | 2023-07-13 | 2023-08-22 |
| CVE-2023-29454 | Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web appli... | 5.4 - MEDIUM | 2023-07-13 | 2023-08-22 |
| CVE-2023-29453 | Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backtic... | 9.8 - CRITICAL | 2023-10-12 | 2023-10-24 |
| CVE-2023-29452 | Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attributi... | 5.4 - MEDIUM | 2023-07-13 | 2023-07-25 |
| CVE-2023-29451 | Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Z... | 7.5 - HIGH | 2023-07-13 | 2023-08-22 |
| CVE-2023-29450 | JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "... | 7.5 - HIGH | 2023-07-13 | 2023-08-22 |
| CVE-2023-29449 | JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preproces... | 4.9 - MEDIUM | 2023-07-13 | 2023-07-25 |
| CVE-2022-46768 | Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The servic... | 5.9 - MEDIUM | 2022-12-15 | 2022-12-19 |
| CVE-2022-43516 | A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Wind... | 9.8 - CRITICAL | 2022-12-05 | 2022-12-07 |
| CVE-2022-43515 | Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses ... | 9.8 - CRITICAL | 2022-12-05 | 2023-08-22 |
| CVE-2022-40626 | An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other au... | 6.1 - MEDIUM | 2022-09-14 | 2023-11-07 |
Known software with vulnerabilities from Zabbix
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zabbix | Zabbix | 1.0 |