55 matches found
Information Disclosure
Zabbix is vulnerable to an information disclosure. The vulnerability is due to the reuse of JavaScript Duktape contexts in Zabbix Server/Proxy, which allows a regular non-super administrator to leak sensitive data from hosts they are not authorized to access through shared global JavaScript...
Astra Linux - уязвимость в zabbix
Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use...
Astra Linux - уязвимость в zabbix
In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is then used by the browserpusherror method in the src/libs/zbxembed/browsererror.c file. A use-after-free bug can occur at this stage if the wd-browser...
Zabbix 6.0.x < 6.0.41 / 7.0.x < 7.0.19 / 7.2.x < 7.2.13 / 7.4.x < 7.4.3 Information Disclosure (ZBX-27638)
The version of Zabbix Server installed on the remote host is prior to 6.0.41, 7.0.19, 7.2.13, 7.4.3. It is, therefore, affected by an information disclosure vulnerability : - Zabbix Server/Proxy reuses JavaScript Duktape contexts for performance reasons. This can lead to confidentiality loss wher...
Linux Distros Unpatched Vulnerability : CVE-2026-23919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to...
CVE-2026-23919
A flaw was found in Zabbix Server and Proxy. This vulnerability arises from the system's reuse of JavaScript Duktape contexts, which are execution environments for JavaScript code. A regular Zabbix administrator, even without superuser privileges, can exploit this to access and leak sensitive dat...
DEBIAN-CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
UBUNTU-CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
CVE-2026-23919
For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...
PT-2026-27473
Name of the Vulnerable Software and Affected Versions Zabbix versions prior to 7.4 Description A design flaw in Zabbix Server/Proxy related to JavaScript Duktape context reuse can result in data leakage. Specifically, a regular Zabbix administrator may unintentionally expose data for hosts they a...
EUVD-2023-33027
Malicious code in bioql PyPI...
EUVD-2024-39875
Malicious code in bioql PyPI...
EUVD-2021-33010
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-46322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component dukpushtval in duktape/dukapistack.c. CVE-2021-46322 Note that Nessus relies o...
Linux Distros Unpatched Vulnerability : CVE-2023-29458
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will...
Linux Distros Unpatched Vulnerability : CVE-2024-42331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently...
SUSE CVE-2024-42331
In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browserpusherror method in the src/libs/zbxembed/browsererror.c file. A use-after-free bug can occur at this stage if th...
DEBIAN-CVE-2024-42331
In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browserpusherror method in the src/libs/zbxembed/browsererror.c file. A use-after-free bug can occur at this stage if th...