20 matches found
CVE-2026-23927
A flaw was found in Zabbix Agent 2. A user with network access to Agent 2 can inject a malicious Oracle TNS Transparent Network Substrate connection string through the 'service' parameter. This allows Agent 2 to connect to an attacker-controlled server, potentially leading to the disclosure of...
EUVD-2026-14958
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
A flaw was found in the Zabbix Agent 2 Docker plugin. An attacker with the ability to invoke Agent 2 can exploit improper sanitization of 'docker.containerinfo' parameters. This allows the attacker to inject malicious input via the Docker archive API, leading to the disclosure of arbitrary files...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
DEBIAN-CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
UBUNTU-CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2025-27237 DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration
In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...
CVE-2025-27234
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution...
CVE-2025-27233
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
CVE-2025-27234
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution...
CVE-2025-27233
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
CVE-2025-27233 Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later.
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
CVE-2025-27233 Zabbix Agent 2 smartctl plugin argument injection in Zabbix 6.0 and later.
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
CVE-2025-27233
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system...
DEBIAN-CVE-2023-32728
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...
UBUNTU-CVE-2023-32728
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...
PT-2023-8850 · Zabbix +4 · Zabbix Agent 2 +5
Name of the Vulnerable Software and Affected Versions: Zabbix Agent 2 affected versions not specified Description: The issue is related to the Zabbix Agent 2 item key smart.disk.get not sanitizing its parameters before passing them to a shell command, which could lead to remote code execution. Th...
Zabbix Code Injection Vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in the Zabbix plugin Agent 2, which stems from the fact that Agent 2 packages are built using a version ...