Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 86 results


CVE-2024-36462

Medium priority
Needs evaluation

Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause...

1 affected packages

zabbix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zabbix Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-36461

Medium priority
Needs evaluation

Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.

1 affected packages

zabbix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zabbix Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-36460

Medium priority
Needs evaluation

The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.

1 affected packages

zabbix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zabbix Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22123

Medium priority
Needs evaluation

Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it...

1 affected packages

zabbix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zabbix Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22122

Medium priority
Needs evaluation

Zabbix allows to configure SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of "Number" field on Web nor on Zabbix server side. Attacker can run test of SMS providing...

1 affected packages

zabbix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zabbix Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22121

Medium priority
Needs evaluation

A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.

1 affected packages

zabbix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zabbix Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22116

Medium priority
Needs evaluation

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary...

1 affected packages

zabbix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zabbix Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22114

Medium priority
Needs evaluation

User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.

1 affected packages

zabbix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zabbix Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22120

Medium priority
Needs evaluation

Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip"...

1 affected packages

zabbix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zabbix Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-22119

Medium priority
Vulnerable

The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.

1 affected packages

zabbix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zabbix Not in release Vulnerable Not affected Not affected Not affected
Show less packages