Zabbix 6.0.x < 6.0.41 / 7.0.x < 7.0.18 / 7.2.x < 7.2.12 / 7.4.x < 7.4.2 Multiple Vulnerabilities

The version of Zabbix Server installed on the remote host is prior to 6.0.41, 7.0.18, 7.2.12, 7.4.2. It is, therefore, affected by multiple vulnerabilities : - An issue exists due to the LDAP 'Bind password' value being leaked when a Super Admin changes the LDAP 'Host' to a rogue LDAP server. An...

Zabbix 安全漏洞

Zabbix is an open-source monitoring system developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; one of these vulnerabilities stems from the ability to instantiate arbitrary PHP class...

MiracleLinux 3 : zabbix-1.6.9-2.AXS3 (AXSA:2011-372:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-372:01 advisory. ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification...

EUVD-2010-2794

Malware in sbrugna...

EUVD-2011-4539

Malware in sbrugna...

ROS-20250616-26

A vulnerability in the Zabbix Universal Monitoring System server is related to excessive data output by an by the application. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information. to potentially sensitive information. A vulnerability...

Fedora 40 : zabbix (2025-d4263ef3ef)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d4263ef3ef advisory. Update to 6.0.39 CVE-2024-45700, CVE-2024-36469, CVE-2024-42325, CVE-2024-45699 Tenable has extracted the preceding description block directly from...

Fedora 41 : zabbix (2025-a7a06a72c8)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a7a06a72c8 advisory. Update to 7.0.11 CVE-2024-36465, CVE-2024-36469, CVE-2024-42325, CVE-2024-45699, CVE-2024-45700 Tenable has extracted the preceding description bloc...

ROS-20250326-07

A vulnerability in the snmptrapd daemon of the Zabbix universal monitoring system is related to improper processing of the output data for logs. Exploitation of the vulnerability could allow an attacker, acting remotely, to spoof the user interface Vulnerability of strbase64encoderfc2047 function...

Advisory ROSA-SA-2025-2773

Software: zabbix 6.0.34 OS: ROSA Virtualization 3.0 packageevrstring: zabbix-6.0.34-2.rv30 CVE-ID: CVE-2024-22114 BDU-ID: 2025-00959 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Zabbix Universal Monitoring System is related to improper saving of permissions. Exploitation of the vulnerabilit...

ROS-20250110-05

The vulnerability of the Zabbix universal monitoring system server is related to the use of uncontrolled format strings when processing HttpRequest objects. format strings when processing HttpRequest objects. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain...

ROS-20241216-01

Vulnerability of zbxsnmpcachehandleengineid function of Universal Monitoring System proxy server Zabbix is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in Zabbix...

ROS-20241216-04

A vulnerability in the Single sign-on SSO authentication mechanism of the Zabbix universal monitoring system is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and elevate their...

Advisory ROSA-SA-2024-2539

software: zabbix5.0 5.0.40 WASP: ROSA-CHROME packageevrstring: zabbix5.0-5.0.40-1 CVE-ID: CVE-2023-32721 BDU-ID: 2023-06803 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Zabbix Universal Monitoring System interface is related to insufficient input validation when processing the URL field of th...

Security update for zabbix (moderate)

openSUSE Security Update: Security update for zabbix Announcement ID: openSUSE-SU-2024:0384-1 Rating: moderate References: 1229198 1229204 Cross-References: CVE-2024-22114 CVE-2024-36461 CVSS scores: CVE-2024-22114 SUSE: 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2024-36461 SUSE: 9.1...

Vulnerabilities fixed in Zabbix

Vulnerabilities have been fixed in Zabbix. A malicious party could exploit the vulnerabilities to cause a denial-of-service, gain access to sensitive data, or potentially execute arbitrary code with application privileges. To execute arbitrary code, the malicious party needs prior elevated...

MGASA-2014-0095 Updated zabbix packages fix multiple vulnerabilities

Updated zabbix packages fix security vulnerabilities: Zabbix before 2.0.11 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldapbindpassword value in the HTML source code CVE-2013-5572. Zabbix before 2.0.11 allows switchi...