Astra Linux - уязвимость в zabbix

JavaScript preprocessing can be exploited by attackers to gain access to the file system read-only access on behalf of the user “zabbix” on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...

CVE-2026-23919

A flaw was found in Zabbix Server and Proxy. This vulnerability arises from the system's reuse of JavaScript Duktape contexts, which are execution environments for JavaScript code. A regular Zabbix administrator, even without superuser privileges, can exploit this to access and leak sensitive dat...

DEBIAN-CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

EUVD-2023-33020

Malicious code in bioql PyPI...

Zabbix Proxy Installed (Linux)

Binary data zabbixproxynixinstalled.nbin...

CVE-2024-36468

CVE-2024-36468 describes a stack buffer overflow in the Zabbix server/proxy code, specifically in the function zbx_snmp_cache_handle_engineid . The issue arises when copying data from session->securityEngineID to local_record.engineid without proper bounds checking, enabling an out-of-bounds w...

SUSE CVE-2023-29451

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy...

CVE-2023-29451

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy...

CVE-2023-29451

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy...

DEBIAN-CVE-2023-29451

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy...

CVE-2023-29451

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy...

CVE-2023-29451 Denial of service caused by a bug in the JSON parser

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy...

CVE-2023-29451 Denial of service caused by a bug in the JSON parser

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy...

CVE-2023-29451

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy...

CVE-2023-29450

JavaScript pre-processing can be used by the attacker to gain access to the file system read-only access on behalf of user "zabbix" on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...

DEBIAN-CVE-2023-29450

JavaScript pre-processing can be used by the attacker to gain access to the file system read-only access on behalf of user "zabbix" on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...

UBUNTU-CVE-2023-29450

JavaScript pre-processing can be used by the attacker to gain access to the file system read-only access on behalf of user "zabbix" on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...

CVE-2023-29450 Unauthorized limited filesystem access from preprocessing

JavaScript pre-processing can be used by the attacker to gain access to the file system read-only access on behalf of user "zabbix" on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...