
cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*

part: a version: 7.0.0 update: alpha2

Vendor: Zabbix (8857f8ff-2020-5e62-b9b7-687960752062)
Product: Zabbix (ff27d8f3-5575-5d69-ac0d-7d8e9faa4e83)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:docker/zabbix/zabbix-agent | purl2cpe | 2026-06-01 10:13:01.958448
pkg:github/zabbix/zabbix | purl2cpe | 2026-06-01 10:13:01.958449
pkg:rpm/fedora/zabbix | purl2cpe | 2026-06-01 10:13:01.958451
pkg:rpm/opensuse/zabbix | purl2cpe | 2026-06-01 10:13:01.958452
pkg:zabbix/zbx/zabbix | purl2cpe | 2026-06-01 10:13:01.958453

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-22123 vulnerable 2026-06-08 06:29:33.822995 Zabbix Arbitrary File Read
LOW (2.7)
Setting SMS media allows setting the GSM modem file. Later this file is used as a Linux device. But because everything is a file on Linux, it is possible to set another file, e.g. a log file, and zabbix_server will try to communicate with it as a modem. As a result, the log file will be broken with AT commands and a small part of the log file content will be leaked to the UI.
Published: 2024-08-09T10:57:08.143Z
Updated: 2025-11-03T21:53:44.096Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-22122 vulnerable 2026-06-08 06:29:33.821598 AT(GSM) Command Injection
LOW (3)
Zabbix allows configuring SMS notifications. AT command injection occurs on "Zabbix Server" because there is no validation of the "Number" field on either the Web or the Zabbix server side. An attacker can run a test of SMS providing a specially crafted phone number and execute additional AT commands on the modem.
Published: 2024-08-09T08:46:21.444Z
Updated: 2025-11-03T21:53:42.627Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-22121 vulnerable 2026-06-08 06:29:33.819764 Zabbix Agent MSI Installer Allows Non-Admin User to Access Change Option via msiexec.exe
MEDIUM (6.1)
A non-admin user can change or remove important features within the Zabbix Agent application, thus impacting the integrity and availability of the application.
Published: 2024-08-09T08:34:47.392Z
Updated: 2024-08-09T15:17:48.357Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-22120 vulnerable 2026-06-08 06:29:33.818688 Time Based SQL Injection in Zabbix Server Audit Log
CRITICAL (9.1)
Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit time-based blind SQL injection.
Published: 2024-05-17T09:53:52.798Z
Updated: 2024-08-01T22:35:34.820Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-22119 vulnerable 2026-06-08 06:29:33.811534 Stored XSS in graph items select form
MEDIUM (5.5)
The cause of the vulnerability is improper validation of the form input field “Name” on the Graph page in the Items section.
Published: 2024-02-09T08:26:20.006Z
Updated: 2025-11-03T21:53:41.158Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-22116 vulnerable 2026-06-08 06:29:33.809679 Remote code execution within ping script
CRITICAL (9.9)
An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters gave this user the ability to execute arbitrary code via the Ping script, thereby compromising infrastructure.
Published: 2024-08-09T10:16:34.982Z
Updated: 2025-11-03T21:53:39.703Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-22114 vulnerable 2026-06-08 06:29:33.798264 System Information Widget in Global View Dashboard exposes information about Hosts to Users without Permission
MEDIUM (4.3)
A user with no permission to any of the Hosts can access and view the host count and other statistics through the System Information Widget in the Global View Dashboard.
Published: 2024-08-09T10:15:26.509Z
Updated: 2025-11-03T21:53:38.213Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32724 vulnerable 2026-06-08 06:04:47.083678 JavaScript engine memory pointers are directly available for Zabbix users for modification
CRITICAL (9.1)
The memory pointer is in a property of the Duktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.
Published: 2023-10-12T06:14:45.978Z
Updated: 2025-11-03T21:48:38.879Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32722 vulnerable 2026-06-08 06:04:47.078629 Stack-buffer Overflow in library module zbxjson
CRITICAL (9.6)
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.
Published: 2023-10-12T06:06:52.182Z
Updated: 2025-11-03T21:48:37.420Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32721 vulnerable 2026-06-08 06:04:47.077208 Stored XSS in Maps element
HIGH (7.6)
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before the URL.
Published: 2023-10-12T06:04:10.100Z
Updated: 2025-11-03T21:48:35.952Z
Imported from gcve-enriched-dumps CVE data
