GCVE - cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:*

part: a version: 2.0.0 update: *

Vendor	Zabbix (`8857f8ff-2020-5e62-b9b7-687960752062`)
Product	Zabbix (`ff27d8f3-5575-5d69-ac0d-7d8e9faa4e83`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/zabbix/zabbix-agent`	purl2cpe	2026-06-01 10:13:01.952436
`pkg:github/zabbix/zabbix`	purl2cpe	2026-06-01 10:13:01.952437
`pkg:rpm/fedora/zabbix`	purl2cpe	2026-06-01 10:13:01.952439
`pkg:rpm/opensuse/zabbix`	purl2cpe	2026-06-01 10:13:01.952441
`pkg:zabbix/zbx/zabbix`	purl2cpe	2026-06-01 10:13:01.952442

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-4338`	vulnerable	2026-06-08 05:07:47.159711	Details available The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter. Published: 2017-01-23T21:00:00.000Z Updated: 2024-08-06T00:25:14.512Z Open on db.gcve.eu Reference links http://packetstormsecurity.com/files/136898/Zabbix-Agent-3.0.1-mysql.size-Shell-Command-Injection.html https://www.exploit-db.com/exploits/39769/ http://www.securityfocus.com/archive/1/538258/100/0/threaded https://support.zabbix.com/browse/ZBX-10741 https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew2213#miscellaneous_improvements	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3005`	vulnerable	2026-06-08 05:05:30.628670	Details available XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. Published: 2018-02-01T17:00:00.000Z Updated: 2024-08-06T10:28:46.259Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html http://www.securityfocus.com/bid/68075 https://support.zabbix.com/browse/ZBX-8151 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html http://seclists.org/fulldisclosure/2014/Jun/87	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1685`	vulnerable	2026-06-08 05:05:25.916623	Details available The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. Published: 2014-05-08T14:00:00.000Z Updated: 2024-08-06T09:50:10.755Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html https://support.zabbix.com/browse/ZBX-7693 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1682`	vulnerable	2026-06-08 05:05:25.874989	Details available The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. Published: 2014-05-08T14:00:00.000Z Updated: 2024-08-06T09:50:09.977Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html http://www.securityfocus.com/bid/65402 https://support.zabbix.com/browse/ZBX-7703 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-6824`	vulnerable	2026-06-08 05:05:07.044793	Details available Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter. Published: 2013-12-19T02:00:00.000Z Updated: 2024-08-06T17:46:23.955Z Open on db.gcve.eu Reference links https://support.zabbix.com/browse/ZBX-7479 http://www.zabbix.com/rn1.8.19rc1.php http://security.gentoo.org/glsa/glsa-201401-26.xml http://www.zabbix.com/rn2.0.10rc1.php http://www.zabbix.com/rn2.2.1rc1.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-1364`	vulnerable	2026-06-08 05:03:53.467260	Details available The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. Published: 2013-12-14T17:00:00.000Z Updated: 2024-08-06T14:57:05.111Z Open on db.gcve.eu Reference links https://support.zabbix.com/browse/ZBX-6097 http://www.securityfocus.com/bid/57471 http://www.zabbix.com/rn1.8.16.php http://security.gentoo.org/glsa/glsa-201311-15.xml http://www.zabbix.com/rn2.0.5rc1.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-6086`	vulnerable	2026-06-08 05:02:59.324550	Details available libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Published: 2014-01-29T18:00:00.000Z Updated: 2024-08-06T21:21:28.456Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/57103 https://support.zabbix.com/browse/ZBX-5924 http://www.openwall.com/lists/oss-security/2013/01/03/1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-3435`	vulnerable	2026-06-08 05:02:09.874849	Details available SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter. Published: 2012-08-15T20:00:00.000Z Updated: 2024-08-06T20:05:12.556Z Open on db.gcve.eu Reference links http://www.exploit-db.com/exploits/20087 http://secunia.com/advisories/50475 http://git.zabbixzone.com/zabbix2.0/.git/commitdiff/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54 http://www.debian.org/security/2012/dsa-2539 https://support.zabbix.com/browse/ZBX-5348	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.