
CVE-2024-42330 – JS - Internal strings in HTTP headers
https://notcve.org/view.php?id=CVE-2024-42330
27 Nov 2024 — The HttpRequest object allows retrieving the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This makes it possible to create internal strings that can be used to access hidden properties of objects. • https://support.zabbix.com/browse/ZBX-25626 • CWE-134: Use of Externally-Controlled Format String •

CVE-2024-42329 – JS - Crash on unexpected HTTP server response
https://notcve.org/view.php?id=CVE-2024-42329
27 Nov 2024 — The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. However, this function can fail for various reasons without an error description; in that case wd->error will be NULL, and trying to read from it will result in a crash. • https://support.zabbix.com/browse/ZBX-25625 • CWE-476: NULL Pointer Dereference; CWE-690: Unchecked Return Value to NULL Pointer Dereference •

CVE-2024-42328 – JS - Crash on empty HTTP server response
https://notcve.org/view.php?id=CVE-2024-42328
27 Nov 2024 — When the webdriver for the Browser object downloads data from an HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash. • https://support.zabbix.com/browse/ZBX-25624 • CWE-476: NULL Pointer Dereference; CWE-690: Unchecked Return Value to NULL Pointer Dereference •

CVE-2024-42327 – SQL injection in user.get API
https://notcve.org/view.php?id=CVE-2024-42327
27 Nov 2024 — A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability. An SQLi exists in the addRelatedObjects function of the CUser class. This function is called from the CUser.get function, which is available to every user who has API access. • https://packetstorm.news/files/id/183055 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-42326 – Use after free vulnerability in browser.c
https://notcve.org/view.php?id=CVE-2024-42326
27 Nov 2024 — A use-after-free bug was discovered in browser.c, in the es_browser_get_variant function. • https://support.zabbix.com/browse/ZBX-25622 • CWE-416: Use After Free •

CVE-2024-36468 – Stack buffer overflow in zbx_snmp_cache_handle_engineid
https://notcve.org/view.php?id=CVE-2024-36468
27 Nov 2024 — The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking. • https://support.zabbix.com/browse/ZBX-25621 • CWE-121: Stack-based Buffer Overflow •

CVE-2024-36467 – Authentication privilege escalation via user groups due to missing authorization checks
https://notcve.org/view.php?id=CVE-2024-36467
27 Nov 2024 — An authenticated user with API access (e.g. a user with the default User role), more specifically a user with access to the user.update API endpoint, can add themselves to any group (e.g. Zabbix Administrators), except groups that are disabled or have restricted GUI access. • https://support.zabbix.com/browse/ZBX-25614 • CWE-285: Improper Authorization •

CVE-2024-36463
https://notcve.org/view.php?id=CVE-2024-36463
26 Nov 2024 — The implementation of atob in "Zabbix JS" makes it possible to create a string with arbitrary content and use it to access internal properties of objects. • https://support.zabbix.com/browse/ZBX-25611 • CWE-767: Access to Critical Private Variable via Public Method •

CVE-2024-22117 – Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs is added
https://notcve.org/view.php?id=CVE-2024-22117
26 Nov 2024 — When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element. • https://support.zabbix.com/browse/ZBX-25610 • CWE-20: Improper Input Validation •

CVE-2024-22123 – Zabbix Arbitrary File Read
https://notcve.org/view.php?id=CVE-2024-22123
09 Aug 2024 — Configuring SMS media allows setting a GSM modem file. This file is later used as a Linux device. But because everything is a file on Linux, it is possible to set another file instead, e.g. a log file, and zabbix_server will try to communicate with it as if it were a modem. As a result, the log file will be corrupted with AT commands and a small part of the log file content will be leaked to the UI. • https://support.zabbix.com/browse/ZBX-25013 • CWE-94: Improper Control of Generation of Code ('Code Injection') •