Vulnerabilities in Zabbix
83 results

CVE-2023-32725 | CRITICAL | Leak of zbx_session cookie when using a scheduled report that includes a dashboard with a URL widget. | EPSS 0.8%
CVE-2024-36463 | MEDIUM | The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objec | EPSS 0.8%
CVE-2022-23132 | LOW | Incorrect permissions of [/var/run/zabbix] forces dac_override | EPSS 0.8%
CVE-2022-24919 | LOW | Reflected XSS in graph configuration window of Zabbix Frontend | EPSS 0.8%
CVE-2022-24349 | MEDIUM | Reflected XSS in action configuration window of Zabbix Frontend | EPSS 0.8%
CVE-2022-24917 | LOW | Reflected XSS in service configuration window of Zabbix Frontend | EPSS 0.8%
CVE-2024-36461 | CRITICAL | Direct access to memory pointers within the JS engine for modification | EPSS 0.8%
CVE-2023-32728 | MEDIUM | Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin | EPSS 0.8%
CVE-2023-29453 | CRITICAL | Agent 2 package are built with Go version affected by CVE-2023-24538 | EPSS 0.8%
CVE-2022-24918 | LOW | Reflected XSS in item configuration window of Zabbix Frontend | EPSS 0.7%
CVE-2024-36466 | HIGH | Unauthenticated Zabbix frontend takeover when SSO is being used | EPSS 0.7%
CVE-2024-36467 | HIGH | Authentication privilege escalation via user groups due to missing authorization checks | EPSS 0.7%
CVE-2023-32722 | CRITICAL | Stack-buffer Overflow in library module zbxjson | EPSS 0.7%
CVE-2023-32726 | LOW | Possible buffer overread from reading DNS responses | EPSS 0.7%
CVE-2022-40626 | MEDIUM | Reflected XSS in the backurl parameter of Zabbix Frontend | EPSS 0.7%
CVE-2023-29451 | MEDIUM | Denial of service caused by a bug in the JSON parser | EPSS 0.7%
CVE-2024-22119 | MEDIUM | Stored XSS in graph items select form | EPSS 0.7%
CVE-2023-29458 | MEDIUM | Duktape 2.6 bug crashes JavaScript putting too many values in valstack. | EPSS 0.6%
CVE-2024-42332 | LOW | New line injection in Zabbix SNMP traps | EPSS 0.6%
CVE-2024-42333 | LOW | Heap buffer over-read | EPSS 0.6%