78 matches found
Astra Linux - vulnerability in Zabbix
Zabbix Frontend offers a feature that enables administrators to manage the installation and ensure that only certain IP addresses can access it. This way, no user will be able to access the Zabbix Frontend during maintenance, and sensitive data will be protected from being disclosed. An attacker...
CVE-2025-49643
CVE-2025-49643 affects Zabbix, where an authenticated user (including Guest) can craft parameters sent to /imgstore.php to cause disproportionate CPU load on the webserver, resulting in a denial of service. The provided documents consistently describe this as a frontend DoS/vector due to resource...
EUVD-2014-1759
Malware in sbrugna...
EUVD-2022-43900
Malicious code in bioql PyPI...
EUVD-2022-29245
Malicious code in bioql PyPI...
EUVD-2022-46513
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-43515
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any use...
Linux Distros Unpatched Vulnerability : CVE-2022-24349
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user can create a link with reflected XSS payload for actions' pages, and send it to other users. Malicious code has access to all the same...
CVE-2024-42327 SQL injection in user.get API
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is availabl...
SUSE CVE-2022-24349
An authenticated user can create a link with reflected XSS payload for actions' pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attac...
SUSE CVE-2022-23131
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to...
SUSE CVE-2022-23134
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...
SUSE CVE-2022-40626
An unauthenticated user can create a link with reflected JavaScript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend...
SUSE CVE-2022-43515
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...
CVE-2022-43515
CVE-2022-43515 affects Zabbix Frontend by bypassing the IP allowlist that gates access during maintenance. An attacker can reach the frontend from an IP outside the configured range, potentially enabling data exposure. Public sources in the connected documents map this to Zabbix maintenance acces...
CVE-2022-43515 X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...
CVE-2022-43515
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...
DEBIAN-CVE-2022-43515
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, any user will not be able to access the Zabbix Frontend while it is being maintained and possible sensitive data will be prevented from being...