Lucene search
K

144 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Zabbix

The HttpRequest object allows you to retrieve the HTTP headers from the server’s response after sending a request. The issue is that the returned strings are created directly from the data sent by the server and are not properly encoded for JavaScript. This enables the creation of internal string...

9.1CVSS7.7AI score0.00952EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Zabbix

The vulnerability is caused by an improper check to ensure that RDLENGTH does not overflow the buffer in response from the DNS server...

8.1CVSS7.9AI score0.00673EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Zabbix

When the WebDriver for the Browser object downloads data from an HTTP server, the data pointer is set to NULL and is only allocated during the curlwritecb operation when receiving data. If the server’s response is an empty document, then wd-data in the code below will remain NULL, and attempting ...

5.5CVSS5.5AI score0.00234EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Zabbix

During Zabbix installation from RPM, the DACOVERRIDE SELinux capability is used to access PID files in the /var/run/zabbix folder. In this case, processes of Zabbix Proxy or Server can bypass the file read, write, and execute permission checks at the file system level...

7.5CVSS7.5AI score0.00796EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a hosts group using the configuration with XSS payload, which will be available to other users. When XSS is stored by an authenticated malicious actor, and other users attempt to search for groups during the creation of new hosts, the XSS payload will activate,...

6.3CVSS6.2AI score0.01035EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a link containing XSS payloads for action pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page, and can make arbitrary modifications to the contents of the page displayed to the victim. This attack can be...

4.6CVSS5.7AI score0.00779EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Zabbix

The URL validation scheme receives input from a user and then parses it to identify its various components. This validation scheme ensures that all URL components comply with internet standards...

5.7CVSS5.6AI score0.00467EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a link containing reflected JavaScript code on its own pages and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the sa...

4.4CVSS5.2AI score0.00739EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a link containing reflected JavaScript code for a graph page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the sa...

4.4CVSS5.8AI score0.00779EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a link containing reflected JavaScript code for the graphs page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...

5.4CVSS6.7AI score0.00593EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Zabbix 安全漏洞

Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; one of these vulnerabilities allows users who can connect to Agent 2 to inject...

5CVSS5.8AI score0.00229EPSS
Exploits0References2
Redos
Redos
added 2026/05/05 12:0 a.m.5 views

ROS-20260505-73-0005

Vulnerability in zabbix-lts related to argument injection or modification. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

6.1CVSS6.1AI score0.00251EPSS
Exploits0
Redos
Redos
added 2026/04/17 12:0 a.m.7 views

ROS-20260417-73-0035

Vulnerability in zabbix7.2 related to failure to take measures to protect sql query structure. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

8.7CVSS6.2AI score0.0024EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to...

7.1CVSS5.8AI score0.00154EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.7 views

Zabbix 安全漏洞

Zabbix is an open-source monitoring system developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities, which stem from improper regular expression validation in multi-line modes. This could...

7.7CVSS5.8AI score0.00248EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/06 8:24 a.m.5 views

CVE-2026-23925

An authenticated Zabbix user User role with template/host write permissions is able to create objects via the configuration.import API. This can lead to confidentiality loss by creating unauthorized hosts. Note that the User role is normally not sufficient to create and edit templates/hosts even...

5.1CVSS5.8AI score0.00255EPSS
Exploits0References2Affected Software1
Redos
Redos
added 2026/02/16 12:0 a.m.6 views

ROS-20260216-73-0021

A vulnerability in the imgstore.php script of the Zabbix IT infrastructure monitoring system is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

6.5CVSS5.6AI score0.00319EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.6 views

Astra Linux - уязвимость в zabbix

The reported vulnerability is a stack buffer overflow in the zbxsnmpcachehandleengineid function within the Zabbix server/proxy code. This issue occurs when copying data from session-securityEngineID to localrecord.engineid without proper bounds checking...

8.2CVSS6AI score0.005EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.4 views

Astra Linux – Vulnerability in Zabbix

A verified Zabbix user including guests can cause excessive CPU load on the webserver by sending specially crafted parameters to /imgstore.php, potentially leading to a denial of service...

6.5CVSS5.5AI score0.00319EPSS
Exploits0References3
Redos
Redos
added 2025/11/05 12:0 a.m.3 views

ROS-20251105-08

Zabbix universal monitoring system vulnerability is related to authorization errors. Exploitation vulnerability can allow a remote attacker to gain unauthorized access to protected information. protected information Vulnerability of Zabbix universal monitoring system is related to a logical error...

6.5CVSS6.6AI score0.00387EPSS
Exploits0
Rows per page
Query Builder