Ubuntu: Security Advisory (USN-4767-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4767-1: Zabbix vulnerabilities

Fu Chuang discovered that Zabbix did not properly parse IPs. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. CVE-2020-11800 It was discovered that Zabbix incorrectly handled certain...

Zabbix Arbitrary Code Execution Vulnerability (CVE-2016-4338)

Zabbix is prone to an arbitrary code execution vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

CVE-2016-4338

The mysql user parameter configuration script userparametermysql.conf in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size paramete...

CVE-2016-4338

CVE-2016-4338 affects Zabbix agents where the mysql size parameter vulnerability resides in the mysql.size parameter within the userparameter_mysql.conf script. The issue occurs when the agent runs with a shell other than bash, enabling context‑dependent attackers to execute arbitrary code or SQL...

GLSA-201612-42 : Zabbix: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201612-42 Zabbix: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Zabbix. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code...

Zabbix Agent 3.0.1 mysql. size shell command injection

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions were not tested. Background ========== "Zabbix agent is deployed on a...

Zabbix < 2.0.18 / 2.2.13 / 3.0.3 'mysql.size' Parameter Command Injection

According to its self-reported version number, the instance of Zabbix running on the remote host is affected by a command injection vulnerability due to improper sanitization of user-supplied input to the 'mysql.size' user parameter. An unauthenticated, remote attacker can exploit this to inject...

Zabbix Agent 3.0.1 - mysql.size Shell Command Injection

Zabbix Agent 3.0.1 - mysql.size Shell Command Injection CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from...

Zabbix Agent 3.0.1 - mysql.size Shell Command Injection

Exploit for linux platform in category local exploits CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from...

Zabbix Agent 3.0.1 - &#039;mysql.size&#039; Shell Command Injection

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions were not...

Zabbix Agent 3.0.1 mysql.size Shell Command Injection

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions were not...