Zabbix 6.4.0 Release Candidate 3
Approved changes feed: RSS · Atom
cpe:2.3:a:zabbix:zabbix:6.4.0:rc3:*:*:*:*:*:*
part: a version: 6.4.0 update: rc3
| Vendor | Zabbix (8857f8ff-2020-5e62-b9b7-687960752062) |
|---|---|
| Product | Zabbix (ff27d8f3-5575-5d69-ac0d-7d8e9faa4e83) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/zabbix/zabbix-agent |
purl2cpe | 2026-06-01 10:13:01.958109 |
pkg:github/zabbix/zabbix |
purl2cpe | 2026-06-01 10:13:01.958110 |
pkg:rpm/fedora/zabbix |
purl2cpe | 2026-06-01 10:13:01.958111 |
pkg:rpm/opensuse/zabbix |
purl2cpe | 2026-06-01 10:13:01.958113 |
pkg:zabbix/zbx/zabbix |
purl2cpe | 2026-06-01 10:13:01.958114 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-29452 |
vulnerable | 2026-06-08 06:02:40.269637 |
Remove possibility to add html into Geomap attribution field
MEDIUM (5.5)
Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.
Published: 2023-07-13T09:29:55.833Z
Updated: 2024-10-22T16:23:20.957Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-29451 |
vulnerable | 2026-06-08 06:02:40.265816 |
Denial of service caused by a bug in the JSON parser
MEDIUM (4.7)
Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.
Published: 2023-07-13T09:29:42.494Z
Updated: 2025-02-13T16:49:18.150Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-29449 |
vulnerable | 2026-06-08 06:02:40.263609 |
Limited control of resource utilization in JS preprocessing
MEDIUM (5.9)
JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.
Published: 2023-07-13T08:24:00.766Z
Updated: 2025-11-03T21:47:46.390Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.