Filtered by vendor Zabbix Subscriptions
Total 104 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-6693 1 Zabbix 1 Zabbix 2025-04-09 N/A
Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions.
CVE-2009-4499 1 Zabbix 1 Zabbix 2025-04-09 N/A
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.
CVE-2009-4501 1 Zabbix 1 Zabbix 2025-04-09 N/A
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.
CVE-2009-4502 3 Freebsd, Sun, Zabbix 3 Freebsd, Solaris, Zabbix 2025-04-09 N/A
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
CVE-2007-6210 1 Zabbix 1 Zabbix Agentd 2025-04-09 N/A
zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.
CVE-2008-1353 1 Zabbix 1 Zabbix 2025-04-09 N/A
zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.
CVE-2009-4498 1 Zabbix 1 Zabbix 2025-04-09 N/A
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
CVE-2009-4500 1 Zabbix 1 Zabbix 2025-04-09 N/A
The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference.
CVE-2007-0640 1 Zabbix 1 Zabbix 2025-04-09 N/A
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
CVE-2023-29456 1 Zabbix 1 Frontend 2025-02-13 5.7 Medium
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.
CVE-2023-29454 1 Zabbix 1 Frontend 2025-02-13 5.4 Medium
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.
CVE-2023-32726 1 Zabbix 1 Zabbix-agent 2025-02-13 3.9 Low
The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.
CVE-2023-32723 1 Zabbix 1 Zabbix 2025-02-13 8.5 High
Request to LDAP is sent before user permissions are checked.
CVE-2023-32721 1 Zabbix 1 Zabbix 2025-02-13 7.6 High
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.
CVE-2023-29457 1 Zabbix 1 Frontend 2025-02-13 6.3 Medium
Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts.
CVE-2023-29455 1 Zabbix 1 Frontend 2025-02-13 5.4 Medium
Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.
CVE-2023-29451 1 Zabbix 1 Zabbix 2025-02-13 4.7 Medium
Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.
CVE-2023-29450 1 Zabbix 1 Zabbix 2025-02-13 8.5 High
JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.
CVE-2024-22122 1 Zabbix 1 Zabbix 2024-12-10 3 Low
Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing specially crafted phone number and execute additional AT commands on modem.
CVE-2024-22123 1 Zabbix 1 Zabbix 2024-12-10 2.7 Low
Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI.