GCVE - cpe:2.3:a:zabbix:zabbix:1.8.18:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zabbix:zabbix:1.8.18:*:*:*:*:*:*:*

part: a version: 1.8.18 update: *

Vendor	Zabbix (`8857f8ff-2020-5e62-b9b7-687960752062`)
Product	Zabbix (`ff27d8f3-5575-5d69-ac0d-7d8e9faa4e83`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/zabbix/zabbix-agent`	purl2cpe	2026-06-01 10:13:01.778611
`pkg:github/zabbix/zabbix`	purl2cpe	2026-06-01 10:13:01.778613
`pkg:rpm/fedora/zabbix`	purl2cpe	2026-06-01 10:13:01.778615
`pkg:rpm/opensuse/zabbix`	purl2cpe	2026-06-01 10:13:01.778617
`pkg:zabbix/zbx/zabbix`	purl2cpe	2026-06-01 10:13:01.778618

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-3005`	vulnerable	2026-06-08 05:05:30.627322	Details available XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request. Published: 2018-02-01T17:00:00.000Z Updated: 2024-08-06T10:28:46.259Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html http://www.securityfocus.com/bid/68075 https://support.zabbix.com/browse/ZBX-8151 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html http://seclists.org/fulldisclosure/2014/Jun/87	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1685`	vulnerable	2026-06-08 05:05:25.916606	Details available The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. Published: 2014-05-08T14:00:00.000Z Updated: 2024-08-06T09:50:10.755Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html https://support.zabbix.com/browse/ZBX-7693 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1682`	vulnerable	2026-06-08 05:05:25.874443	Details available The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. Published: 2014-05-08T14:00:00.000Z Updated: 2024-08-06T09:50:09.977Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html http://www.securityfocus.com/bid/65402 https://support.zabbix.com/browse/ZBX-7703 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.