Filtered by vendor Zabbix
Subscriptions
Filtered by product Zabbix
Subscriptions
Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29450 | 1 Zabbix | 1 Zabbix | 2024-08-02 | 8.5 High |
| JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. | ||||
| CVE-2023-29452 | 1 Zabbix | 1 Zabbix | 2024-08-02 | 5.5 Medium |
| Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider. | ||||
| CVE-2023-29451 | 1 Zabbix | 1 Zabbix | 2024-08-02 | 4.7 Medium |
| Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. | ||||
| CVE-2023-29458 | 1 Zabbix | 1 Zabbix | 2024-08-02 | 5.9 Medium |
| Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use. | ||||
| CVE-2024-22119 | 1 Zabbix | 1 Zabbix | 2024-08-01 | 5.5 Medium |
| The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. | ||||