GCVE - cpe:2.3:a:zabbix:zabbix:2.2.4:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zabbix:zabbix:2.2.4:*:*:*:*:*:*:*

part: a version: 2.2.4 update: *

Vendor	Zabbix (`8857f8ff-2020-5e62-b9b7-687960752062`)
Product	Zabbix (`ff27d8f3-5575-5d69-ac0d-7d8e9faa4e83`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/zabbix/zabbix-agent`	purl2cpe	2026-06-01 10:13:01.953321
`pkg:github/zabbix/zabbix`	purl2cpe	2026-06-01 10:13:01.953323
`pkg:rpm/fedora/zabbix`	purl2cpe	2026-06-01 10:13:01.953324
`pkg:rpm/opensuse/zabbix`	purl2cpe	2026-06-01 10:13:01.953325
`pkg:zabbix/zbx/zabbix`	purl2cpe	2026-06-01 10:13:01.953327

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-4338`	vulnerable	2026-06-08 05:07:47.174089	Details available The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter. Published: 2017-01-23T21:00:00.000Z Updated: 2024-08-06T00:25:14.512Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/136898/Zabbix-Agent-3.0.1-mysql.size-Shell-Command-Injection.html https://www.exploit-db.com/exploits/39769/ http://www.securityfocus.com/archive/1/538258/100/0/threaded https://support.zabbix.com/browse/ZBX-10741 https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew2213#miscellaneous_improvements	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-9450`	vulnerable	2026-06-08 05:06:11.800655	Details available Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter. Published: 2015-01-02T20:00:00.000Z Updated: 2024-09-16T22:46:01.055Z Open on db.gcve.eu Reference links http://www.zabbix.com/rn1.8.22.php http://secunia.com/advisories/61554 https://support.zabbix.com/browse/ZBX-8582 http://www.zabbix.com/rn2.0.14.php http://www.zabbix.com/rn2.2.8.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3005`	vulnerable	2026-06-08 05:05:30.636157	Details available XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. Published: 2018-02-01T17:00:00.000Z Updated: 2024-08-06T10:28:46.259Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html http://www.securityfocus.com/bid/68075 https://support.zabbix.com/browse/ZBX-8151 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html http://seclists.org/fulldisclosure/2014/Jun/87	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.