146 matches found
Astra Linux - уязвимость в zabbix
The Zabbix Agent 2 item key “smart.disk.get” does not sanitize its parameters before passing them to a shell command, which may lead to a vulnerability for remote code execution...
CVE-2026-23927
A flaw was found in Zabbix Agent 2. A user with network access to Agent 2 can inject a malicious Oracle TNS Transparent Network Substrate connection string through the 'service' parameter. This allows Agent 2 to connect to an attacker-controlled server, potentially leading to the disclosure of...
Linux Distros Unpatched Vulnerability : CVE-2026-23924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of...
EUVD-2026-14958
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
A flaw was found in the Zabbix Agent 2 Docker plugin. An attacker with the ability to invoke Agent 2 can exploit improper sanitization of 'docker.containerinfo' parameters. This allows the attacker to inject malicious input via the Docker archive API, leading to the disclosure of arbitrary files...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
DEBIAN-CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
UBUNTU-CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
PT-2026-27477
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-2041
Nagios Host zabbixagentconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within t...
CVE-2026-2041
CVE-2026-2041 is a remote command-injection vulnerability in Nagios Host in the zabbixagent_configwizard_func path. Exploitation relies on insufficient validation of a user-supplied string before it is used in a system call, allowing an attacker to execute code with the service account’s privileg...
CVE-2026-2041
Nagios Host zabbixagentconfigwizardfunc Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this vulnerability. The specific flaw exists within t...
Nagios XI < 2026R1.0.1 Multiple Vulnerabilities
According to the self-reported version of Nagios XI, the remote host is affected by multiple vulnerabilities, including the following: - This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to exploit this...
ROS-20260209-73-0039
A vulnerability in the Agent component of the Zabbix IT infrastructure monitoring system is related to the use of an insecure search path. Exploitation of the vulnerability could allow an attacker to gain write access to arbitrary system files in the /home/cecuser directory...
ROS-20260209-73-0041
A vulnerability in the Agent component of the Zabbix IT infrastructure monitoring system is related to the use of an insecure search path. Exploitation of the vulnerability could allow an attacker to gain write access to arbitrary system files in the /home/cecuser directory...