GCVE - cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*

part: a version: 1.8.1 update: *

Vendor	Zabbix (`8857f8ff-2020-5e62-b9b7-687960752062`)
Product	Zabbix (`ff27d8f3-5575-5d69-ac0d-7d8e9faa4e83`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/zabbix/zabbix-agent`	purl2cpe	2026-06-01 10:13:01.778424
`pkg:github/zabbix/zabbix`	purl2cpe	2026-06-01 10:13:01.778426
`pkg:rpm/fedora/zabbix`	purl2cpe	2026-06-01 10:13:01.778427
`pkg:rpm/opensuse/zabbix`	purl2cpe	2026-06-01 10:13:01.778429
`pkg:zabbix/zbx/zabbix`	purl2cpe	2026-06-01 10:13:01.778431

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-3005`	vulnerable	2026-06-08 05:05:30.611406	Details available XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. Published: 2018-02-01T17:00:00.000Z Updated: 2024-08-06T10:28:46.259Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html http://www.securityfocus.com/bid/68075 https://support.zabbix.com/browse/ZBX-8151 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html http://seclists.org/fulldisclosure/2014/Jun/87	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1685`	vulnerable	2026-06-08 05:05:25.916353	Details available The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. Published: 2014-05-08T14:00:00.000Z Updated: 2024-08-06T09:50:10.755Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html https://support.zabbix.com/browse/ZBX-7693 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1682`	vulnerable	2026-06-08 05:05:25.870263	Details available The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. Published: 2014-05-08T14:00:00.000Z Updated: 2024-08-06T09:50:09.977Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html http://www.securityfocus.com/bid/65402 https://support.zabbix.com/browse/ZBX-7703 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-6086`	vulnerable	2026-06-08 05:02:59.320622	Details available libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Published: 2014-01-29T18:00:00.000Z Updated: 2024-08-06T21:21:28.456Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/57103 https://support.zabbix.com/browse/ZBX-5924 http://www.openwall.com/lists/oss-security/2013/01/03/1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3435`	vulnerable	2026-06-08 05:02:09.871675	Details available SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter. Published: 2012-08-15T20:00:00.000Z Updated: 2024-08-06T20:05:12.556Z Open on db.gcve.eu Reference links http://www.exploit-db.com/exploits/20087 http://secunia.com/advisories/50475 http://git.zabbixzone.com/zabbix2.0/.git/commitdiff/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54 http://www.debian.org/security/2012/dsa-2539 https://support.zabbix.com/browse/ZBX-5348	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-5027`	vulnerable	2026-06-08 04:59:34.212781	Details available Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler. Published: 2011-12-29T22:00:00.000Z Updated: 2024-08-07T00:23:39.389Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/51093 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html https://support.zabbix.com/browse/ZBX-4015 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html http://osvdb.org/77772	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4615`	vulnerable	2026-06-08 04:59:32.297031	Details available Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php. Published: 2011-12-29T22:00:00.000Z Updated: 2024-08-07T00:09:19.538Z Open on db.gcve.eu Reference links http://osvdb.org/77771 http://www.securityfocus.com/bid/51093 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html https://support.zabbix.com/browse/ZBX-4015 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-3265`	vulnerable	2026-06-08 04:59:23.677312	Details available popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter. Published: 2011-08-19T21:00:00.000Z Updated: 2024-08-06T23:29:56.536Z Open on db.gcve.eu Reference links https://support.zabbix.com/browse/ZBX-3840 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066092.html http://www.securityfocus.com/bid/49277 https://support.zabbix.com/browse/ZBX-3955 https://exchange.xforce.ibmcloud.com/vulnerabilities/69376	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-3264`	vulnerable	2026-06-08 04:59:23.675197	Details available Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message. Published: 2011-08-19T21:00:00.000Z Updated: 2024-08-06T23:29:56.401Z Open on db.gcve.eu Reference links https://support.zabbix.com/browse/ZBX-3840 http://www.zabbix.com/rn1.8.6.php https://exchange.xforce.ibmcloud.com/vulnerabilities/69377	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-3263`	vulnerable	2026-06-08 04:59:23.662992	Details available zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device. Published: 2011-08-19T21:00:00.000Z Updated: 2024-08-06T23:29:56.674Z Open on db.gcve.eu Reference links http://www.zabbix.com/rn1.8.6.php https://support.zabbix.com/browse/ZBX-3794 https://exchange.xforce.ibmcloud.com/vulnerabilities/69378	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2904`	vulnerable	2026-06-08 04:58:09.589988	Details available Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter. Published: 2011-08-19T21:00:00.000Z Updated: 2024-08-06T23:15:31.951Z Open on db.gcve.eu Reference links http://secunia.com/advisories/45502 http://www.securityfocus.com/bid/49016 http://www.openwall.com/lists/oss-security/2011/08/09/5 http://www.zabbix.com/rn1.8.6.php http://www.openwall.com/lists/oss-security/2011/08/08/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-2790`	vulnerable	2026-06-08 04:55:10.668907	Details available Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information. Published: 2010-08-04T19:00:00.000Z Updated: 2024-08-07T02:46:48.224Z Open on db.gcve.eu Reference links http://www.zabbix.com/forum/showthread.php?p=68770 https://exchange.xforce.ibmcloud.com/vulnerabilities/60772 http://www.vupen.com/english/advisories/2010/1908 http://secunia.com/advisories/40679 https://support.zabbix.com/browse/ZBX-2326	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1277`	vulnerable	2026-06-08 04:54:06.966128	Details available SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php. Published: 2010-04-06T16:00:00.000Z Updated: 2024-08-07T01:21:17.601Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2010/0799 http://legalhackers.com/advisories/zabbix181api-sql.txt http://www.osvdb.org/63456 http://www.zabbix.com/rn1.8.2.php http://www.securityfocus.com/archive/1/510480/100/0/threaded	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.