pkg:Debian/zabbix
136 total CVEs: CRITICAL 14, HIGH 28, MEDIUM 39, LOW 13
All known vulnerabilities
| Severity | CVSS | CVE | Summary | Affected Debian versions |
|---|---|---|---|---|
| | | | | from 0, < 1:6.0.7+dfsg-2 |
| | | | | from 0, < 1:3.0.32+dfsg-0+deb9u2 |
| CRITICAL | 9.9 | CVE-2024-42327 | A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this v… | from 0 |
| CRITICAL | 9.8 | CVE-2023-32728 | The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulne… | from 0 |
| CRITICAL | 9.8 | CVE-2023-29453 | Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. | from 0 |
| CRITICAL | 9.8 | CVE-2022-43515 | Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| CRITICAL | 9.8 | CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | from 0, < 1:4.0.0+dfsg-1 |
| CRITICAL | 9.8 | CVE-2013-3738 | A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a r… | from 0, < 1:2.0.7+dfsg-1 |
| CRITICAL | 9.8 | CVE-2013-5743 | Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7. | from 0, < 1:2.0.8+dfsg-2 |
| CRITICAL | 9.8 | CVE-2014-3005 | XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2… | from 0, < 1:2.2.5+dfsg-1 |
| | | | | from 0, < 1:3.0.4+dfsg-1 |
| | | | | from 0, < 1:2.2.7+dfsg-2+deb8u2 |
| CRITICAL | 9.1 | CVE-2024-42330 | The HttpRequest object allows getting the HTTP headers from the server's response after sending the request. | from 0, < 1:5.0.45+dfsg-1+deb11u1 |
| | | | | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| | | | | from 0, < 1:5.0.0+dfsg-1 |
| CRITICAL | 9.1 | CVE-2019-17382 | An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. | from 0, < 1:5.0.0+dfsg-1 |
| HIGH | 8.8 | CVE-2024-36465 | A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute… | from 0, < 1:7.0.9+dfsg-1 |
| HIGH | 8.8 | CVE-2024-36466 | A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions. | from 0 |
| HIGH | 8.8 | CVE-2024-36467 | An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endp… | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| HIGH | 8.8 | CVE-2024-36463 | The implementation of atob in "Zabbix JS" allows creating a string with arbitrary content and using it to access internal properties of obje… | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| HIGH | 8.8 | CVE-2024-36461 | Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| | | | | from 0 |
| HIGH | 8.8 | CVE-2023-32725 | The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. | from 0 |
| | | | | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| HIGH | 8.8 | CVE-2021-27927 | In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControl… | from 0, < 1:5.0.8+dfsg-1 |
| HIGH | 8.2 | CVE-2024-36468 | The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. | from 0, < 1:7.0.3+dfsg-1 |
| HIGH | 8.1 | CVE-2024-36460 | The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| HIGH | 8.1 | CVE-2023-32726 | The vulnerability is caused by an improper check that RDLENGTH does not overflow the buffer in the response from the DNS server. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| | | | | from 0, < 1:3.0.7+dfsg-3 |
| | | | | from 0, < 1:2.2.7+dfsg-2+deb8u3 |
| HIGH | 8.1 | CVE-2016-4338 | The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0… | from 0, < 1:3.0.3+dfsg-1 |
| HIGH | 7.8 | CVE-2023-32722 | The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| HIGH | 7.5 | CVE-2024-36462 | Uncontrolled resource consumption refers to a software vulnerability where an attacker or system uses excessive resources, such as CPU, memo… | from 0, < 1:7.0.1+dfsg-1 |
| HIGH | 7.5 | CVE-2023-29458 | Duktape is a 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| HIGH | 7.5 | CVE-2023-29451 | A specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. | from 0 |
| HIGH | 7.5 | CVE-2023-29450 | JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on th… | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| | | | | from 0, < 1:5.0.0+dfsg-1 |
| | | | | from 0, < 1:4.0.4+dfsg-1+deb10u2 |
| | | | | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| | | | | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| HIGH | 7.2 | CVE-2025-27240 | A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field. | from 0 |
| HIGH | 7.2 | CVE-2024-22116 | An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| HIGH | 7.2 | CVE-2023-32727 | An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to exec… | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| HIGH | 7.0 | CVE-2017-2825 | In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in data… | from 0, < 1:3.0.7+dfsg-3 |
| MEDIUM | 6.5 | CVE-2025-49643 | An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted par… | from 0 |
| MEDIUM | 6.5 | CVE-2025-27236 | A regular Zabbix user can search other users in their user group via the Zabbix API by selecting fields the user does not have access to view. | from 0 |
| MEDIUM | 6.5 | CVE-2024-45700 | Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. | from 0, < 1:5.0.46+dfsg-1+deb11u1 |
| MEDIUM | 6.1 | CVE-2023-29457 | Reflected XSS attacks occur when a malicious script is reflected off a web application to the victim's browser. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| MEDIUM | 6.1 | CVE-2023-29455 | Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim… | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| MEDIUM | 6.1 | CVE-2022-40626 | An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated us… | from 0, < 1:6.0.7+dfsg-2 |
| | | | | from 0, < 1:3.0.7+dfsg-3+deb9u1 |
| | | | | from 0, < 1:5.0.2+dfsg-1 |
| | | | | from 0, < 1:2.2.23+dfsg-0+deb8u1 |
| | | | | from 0, < 1:3.0.17+dfsg-1 |
| | | | | from 0, < 1:3.0.31+dfsg-0+deb9u1 |
| MEDIUM | 5.9 | CVE-2022-46768 | Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. | from 0, < 1:6.0.13+dfsg-1 |
| MEDIUM | 5.5 | CVE-2024-42328 | When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_… | from 0, < 1:7.0.5+dfsg-1 |
| MEDIUM | 5.4 | CVE-2024-45699 | The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. | from 0, < 1:5.0.46+dfsg-1+deb11u1 |
| | | | | from 0, < 1:4.0.4+dfsg-1+deb10u5 |
| | | | | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| | | | | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| | | | | from 0, < 1:4.0.4+dfsg-1+deb10u4 |
| MEDIUM | 5.4 | CVE-2023-29456 | URL validation scheme receives input from a user and then parses it to identify its various components. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| MEDIUM | 5.4 | CVE-2023-29454 | Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then th… | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| MEDIUM | 5.4 | CVE-2023-29452 | Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when sel… | from 0 |
| MEDIUM | 5.4 | CVE-2022-35230 | An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| MEDIUM | 5.4 | CVE-2022-35229 | An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| MEDIUM | 5.4 | CVE-2022-23133 | An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| | | | | from 0, < 1:4.0.4+dfsg-1+deb10u1 |
| | | | | from 0, < 1:5.0.7+dfsg-1 |
| | | | | from 0, < 1:3.0.32+dfsg-0+deb9u1 |
| MEDIUM | 4.9 | CVE-2025-27231 | The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP s… | from 0 |
| MEDIUM | 4.9 | CVE-2023-29449 | JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| MEDIUM | 4.4 | CVE-2024-42326 | A use-after-free bug was discovered in browser.c in the es_browser_get_variant function. | from 0, < 1:7.0.5+dfsg-1 |
| MEDIUM | 4.4 | CVE-2022-24919 | An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| MEDIUM | 4.4 | CVE-2022-24918 | An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| MEDIUM | 4.4 | CVE-2022-24917 | An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| | | | | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| | | | | from 0, < 1:3.0.32+dfsg-0+deb9u3 |
| MEDIUM | 4.3 | CVE-2025-49641 | A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and there… | from 0 |
| MEDIUM | 4.3 | CVE-2024-22114 | User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global V… | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| LOW | 3.7 | CVE-2024-42332 | The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of info… | from 0, < 1:5.0.45+dfsg-1+deb11u1 |
| LOW | 3.7 | CVE-2017-2826 | An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. | from 0, < 1:4.0.0+dfsg-1 |
| LOW | 3.5 | CVE-2025-27238 | Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to th… | from 0, < 1:7.0.22+dfsg-1~deb13u1 |
| LOW | 3.5 | CVE-2024-42325 | Zabbix API user.get returns all users that share a common group with the calling user. | from 0, < 1:5.0.46+dfsg-1+deb11u1 |
| LOW | 3.3 | CVE-2024-42331 | In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. | from 0, < 1:5.0.45+dfsg-1+deb11u1 |
| LOW | 3.3 | CVE-2024-42329 | The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. | from 0, < 1:7.0.5+dfsg-1 |
| | | | | from 0, < 1:5.0.46+dfsg-1+deb11u1 |
| | | | | from 0, < 1:5.0.46+dfsg-1+deb11u1 |
| | | | | from 0, < 1:5.0.45+dfsg-1+deb11u1 |
| | | | | from 0, < 1:5.0.45+dfsg-1+deb11u1 |
| LOW | 2.7 | CVE-2024-42333 | The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmed… | from 0, < 1:5.0.45+dfsg-1+deb11u1 |
| | | | | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| LOW | 2.2 | CVE-2024-22117 | When a URL is added to the map element, it is recorded in the database with sequential IDs. | from 0, < 1:5.0.44+dfsg-1+deb11u1 |
| | — | CVE-2026-23928 | The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enab… | from 0 |
| | — | CVE-2026-23927 | A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. | from 0 |
| | — | CVE-2026-23926 | An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that open… | from 0 |
| | — | CVE-2026-23924 | Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. | from 0 |
| | — | CVE-2026-23921 | A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execu… | from 0 |
| | — | CVE-2026-23920 | Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. | from 0 |
| | — | CVE-2026-23919 | For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript reprocessing, Webhooks). | from 0 |
| | — | CVE-2026-23925 | An authenticated Zabbix user (User role) with template/host write permissions is able to create objects via the configuration.import API. | from 0 |
| | | | | from 0, < 1:5.0.47+dfsg-0+deb11u1 |
| | | | | from 0, < 1:5.0.47+dfsg-0+deb11u1 |
| | — | CVE-2025-27233 | Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments in… | from 0 |
| | — | CVE-2014-9450 | Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.… | from 0, < 1:2.2.7+dfsg-2 |
| | — | CVE-2014-1685 | The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the… | from 0, < 1:2.2.2+dfsg-1 |
| | — | CVE-2014-1682 | The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary… | from 0, < 1:2.2.2+dfsg-1 |
| | — | CVE-2012-6086 | libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT… | from 0, < 1:2.0.7+dfsg-1 |
| | — | CVE-2013-6824 | Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary comman… | from 0, < 1:2.2.0+dfsg-6 |
| | — | CVE-2013-1364 | The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf… | from 0, < 1:2.0.4+dfsg-2 |
| | — | CVE-2013-5572 | Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the l… | from 0, < 1:2.2.2+dfsg-1 |
| | | | | from 0, < 1:2.0.2+dfsg-1 |
| | | | | from 0, < 1:1.8.2-1squeeze4 |
| | — | CVE-2011-5027 | Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspeci… | from 0, < 1:1.8.10-1 |
| | — | CVE-2011-4615 | Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML v… | from 0, < 1:1.8.10-1 |
| | — | CVE-2011-4674 | SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to ex… | from 0, < 1:1.8.9-1 |
| | — | CVE-2010-5049 | SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav… | from 0, < 1:1.8.2-1 |
| | — | CVE-2011-3265 | popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter. | from 0, < 1:1.8.9-1 |
| | — | CVE-2011-3264 | Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals th… | from 0, < 1:1.8.6-1 |
| | — | CVE-2011-3263 | zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumptio… | from 0, < 1:1.8.6-1 |
| | — | CVE-2011-2904 | Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTM… | from 0, < 1:1.8.6-1 |
| | — | CVE-2010-2790 | Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix b… | from 0, < 1:1.8.3-1 |
| | — | CVE-2010-1277 | SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitr… | from 0, < 1:1.8.2-1 |
| | — | CVE-2009-4502 | The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass th… | from 0, < 1:1.8-1 |
| | — | CVE-2009-4501 | The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service… | from 0, < 1:1.8-1 |
| | — | CVE-2009-4500 | The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) v… | from 0, < 1:1.8-1 |
| | — | CVE-2009-4499 | SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote att… | from 0, < 1:1.8-1 |
| | — | CVE-2009-4498 | The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request. | from 0, < 1:1.8-1 |
| | — | CVE-2008-1353 | zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.c… | from 0, < 1:1.4.5-1 |
| | | | | from 0, < 1:1.4.1-4+lenny1 |
| | | | | from 0, < 1:1.1.4-10etch1 |
| | | | | from 0, < 1:1.4.2-4 |
| | — | CVE-2007-0640 | Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses." | from 0, < 1:1.1.4-8 |
| | — | CVE-2006-6693 | Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute a… | from 0, < 1:1.1.2-4 |
| | — | CVE-2006-6692 | Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possi… | from 0, < 1:1.1.2-4 |