Zabbix Security Vulnerabilities and Issues — Zabbix CVE List

Lucene search

ZabbixZabbix

5 matches found

CVE•added 2023/07/13 9:15 a.m.•92 views

CVE-2023-29450

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.

8.5CVSS7.8AI score0.00198EPSS

CVE•added 2023/07/13 9:15 a.m.•68 views

CVE-2023-29449

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted ...

5.9CVSS5.6AI score0.00447EPSS

CVE•added 2023/07/13 10:15 a.m.•56 views

CVE-2023-29458

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.

7.5CVSS6.4AI score0.00084EPSS

CVE•added 2023/07/13 10:15 a.m.•54 views

CVE-2023-29451

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.

7.5CVSS5.9AI score0.001EPSS

CVE•added 2023/07/13 10:15 a.m.•45 views

CVE-2023-29452

Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.

5.5CVSS5.3AI score0.01801EPSS