NotCVE - vendor:"Zabbix" product:"Zabbix" version:" >= 4.0.0

Page 2 of 14 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0

CVE-2020-15803

https://notcve.org/view.php?id=CVE-2020-15803

17 Jul 2020 — Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. Zabbix versiones anteriores a 3.0.32rc1, versiones 4.x anteriores a 4.0.22rc1, versiones 4.1.x hasta 4.4.x anteriores a 4.4.10rc1 y versiones 5.x anteriores a 5.0.2rc1, permite un ataque de tipo XSS almacenado en el widget URL • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2013-7484

https://notcve.org/view.php?id=CVE-2013-7484

30 Nov 2019 — Zabbix before 5.0 represents passwords in the users table with unsalted MD5. Zabbix versiones anteriores a 5.0, representa contraseñas en la tabla de usuarios con MD5 sin sal. • https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html • CWE-326: Inadequate Encryption Strength •

CVSS: 9.1EPSS: 74%CPEs: 1EXPL: 2

CVE-2019-17382

https://notcve.org/view.php?id=CVE-2019-17382

09 Oct 2019 — An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin. Se detectó un problema en zabbix.php? • https://github.com/K3ysTr0K3R/CVE-2019-17382-EXPLOIT • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 5.3EPSS: 1%CPEs: 5EXPL: 0

CVE-2019-15132

https://notcve.org/view.php?id=CVE-2019-15132

17 Aug 2019 — Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php. Zabbix versiones hasta 4.4.0alpha1, permite la enumeración de usuarios. Con las peticiones de inicio de sesión, es posible enumerar los nombres de usuario... • https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html • CWE-203: Observable Discrepancy •

1 2