Lucene search
K

144 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a link containing reflected JavaScript code for the graphs page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...

5.4CVSS6.7AI score0.00714EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Zabbix

In the src/libs/zbxembed/browser.c file, the esbrowserctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is then used by the browserpusherror method in the src/libs/zbxembed/browsererror.c file. A use-after-free bug can occur at this stage if the wd-browser...

3.3CVSS4.8AI score0.00261EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a link containing reflected JavaScript code for a graph page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the sa...

4.4CVSS5.8AI score0.00779EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Zabbix

Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine...

9.1CVSS7.8AI score0.00755EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a link containing XSS payloads for action pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page, and can make arbitrary modifications to the contents of the page displayed to the victim. This attack can be...

4.6CVSS5.7AI score0.00779EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Zabbix

The researcher has shown that it is possible to leak a small amount of Zabbix Server memory through an out-of-bounds read in the src/libs/zbxmedia/email.c file...

2.7CVSS5.8AI score0.00613EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Zabbix

The vulnerability is caused by an improper check to ensure that RDLENGTH does not overflow the buffer in response from the DNS server...

8.1CVSS7.9AI score0.00673EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Zabbix

A verified Zabbix user including guests can cause excessive CPU load on the webserver by sending specially crafted parameters to /imgstore.php, potentially leading to a denial of service...

6.5CVSS5.5AI score0.00319EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Zabbix

The researcher has shown that due to the way the SNMP trap log is parsed, an attacker can create an SNMP trap with additional lines of information, causing forged data to appear in the Zabbix UI. This attack requires that SNMP authentication be disabled, and/or that the attacker knows the...

3.7CVSS5.4AI score0.00628EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Zabbix

During Zabbix installation from RPM, the DACOVERRIDE SELinux capability is used to access PID files in the /var/run/zabbix folder. In this case, processes of Zabbix Proxy or Server can bypass the file read, write, and execute permission checks at the file system level...

7.5CVSS7.5AI score0.00796EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a hosts group using the configuration with XSS payload, which will be available to other users. When XSS is stored by an authenticated malicious actor, and other users attempt to search for groups during the creation of new hosts, the XSS payload will activate,...

6.3CVSS6.2AI score0.01035EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Zabbix

A authenticated user with API access e.g., a user with the default User role can be added to any group e.g., Zabbix Administrators. Specifically, a user with access to the user.update API endpoint can be added to any group, except for groups that are disabled or have restricted GUI access...

8.8CVSS7.2AI score0.0073EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Zabbix

The URL validation scheme receives input from a user and then parses it to identify its various components. This validation scheme ensures that all URL components comply with internet standards...

5.7CVSS5.6AI score0.00467EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a link containing reflected JavaScript code on its own pages and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the sa...

4.4CVSS5.2AI score0.00739EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Zabbix

When the WebDriver for the Browser object downloads data from an HTTP server, the data pointer is set to NULL and is only allocated during the curlwritecb operation when receiving data. If the server’s response is an empty document, then wd-data in the code below will remain NULL, and attempting ...

5.5CVSS5.5AI score0.00234EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.11 views

Zabbix 安全漏洞

Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; one of these vulnerabilities allows users who can connect to Agent 2 to inject...

5CVSS5.8AI score0.00229EPSS
Exploits0References2
Redos
Redos
added 2026/05/05 12:0 a.m.6 views

ROS-20260505-73-0005

Vulnerability in zabbix-lts related to argument injection or modification. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

6.1CVSS6.1AI score0.00251EPSS
Exploits0
Redos
Redos
added 2026/04/17 12:0 a.m.10 views

ROS-20260417-73-0035

Vulnerability in zabbix7.2 related to failure to take measures to protect sql query structure. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

8.7CVSS6.2AI score0.0024EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to...

7.1CVSS5.8AI score0.00154EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

Zabbix 安全漏洞

Zabbix is an open-source monitoring system developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities, which stem from improper regular expression validation in multi-line modes. This could...

7.7CVSS5.8AI score0.00248EPSS
Exploits0References3
Rows per page
Query Builder