Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zabbix zabbix vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2022-24919
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious c...
Zabbix Frontend
Zabbix Frontend 6.0.0
Debian Debian Linux 9.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
6.5
CVSSv2
CVE-2021-46088
Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with the "Zabbix Admin" role is able to run custom shell script on the application server in the context of the application user.
Zabbix Zabbix
1 Github repository
5.1
CVSSv2
CVE-2022-23131
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and g...
Zabbix Zabbix
Zabbix Zabbix 6.0.0
23 Github repositories
7.5
CVSSv2
CVE-2022-23132
During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level
Zabbix Zabbix 6.0.0
Zabbix Zabbix
Fedoraproject Fedora 34
Fedoraproject Fedora 35
3.5
CVSSv2
CVE-2022-23133
An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and...
Zabbix Zabbix
Zabbix Zabbix 6.0.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
5
CVSSv2
CVE-2022-23134
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.
Zabbix Zabbix 6.0.0
Zabbix Zabbix
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
10
CVSSv2
CVE-2022-22704
The zabbix-agent2 package prior to 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.
Zabbix Zabbix-agent2
Zabbix Zabbix-agent2 5.4.9
6.8
CVSSv2
CVE-2021-27927
In Zabbix from 4.0.x prior to 4.0.28rc1, 5.0.0alpha1 prior to 5.0.10rc1, 5.2.x prior to 5.2.6rc1, and 5.4.0alpha1 prior to 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation insid...
Zabbix Zabbix
7.5
CVSSv2
CVE-2020-11800
Zabbix Server 2.2.x and 3.0.x prior to 3.0.31, and 3.2 allows remote malicious users to execute arbitrary code.
Zabbix Zabbix
Zabbix Zabbix 3.2.0
Opensuse Backports Sle 15.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2020-15803
Zabbix prior to 3.0.32rc1, 4.x prior to 4.0.22rc1, 4.1.x up to and including 4.4.x prior to 4.4.10rc1, and 5.x prior to 5.0.2rc1 allows stored XSS in the URL Widget.
Zabbix Zabbix 5.0.2
Zabbix Zabbix
Zabbix Zabbix 4.4.10
Zabbix Zabbix 4.0.22
Zabbix Zabbix 3.0.32
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Opensuse Backports Sle-15
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »