Zabbix CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2016-10742	2 Debian, Zabbix	2 Debian Linux, Zabbix	2024-11-21	N/A
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
CVE-2014-3005	2 Fedoraproject, Zabbix	2 Fedora, Zabbix	2024-11-21	N/A
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.
CVE-2013-7484	1 Zabbix	1 Zabbix	2024-11-21	7.5 High
Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
CVE-2013-5743	1 Zabbix	1 Zabbix	2024-11-21	9.8 Critical
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
CVE-2013-3738	1 Zabbix	1 Zabbix	2024-11-21	9.8 Critical
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.
CVE-2013-3628	1 Zabbix	1 Zabbix	2024-11-21	8.8 High
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability

« first previous Page 7 of 7.