Page 2 of 19 results (0.008 seconds)

CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0

Request to LDAP is sent before user permissions are checked. La solicitud a LDAP se envía antes de que se verifiquen los permisos del usuario. • https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html https://support.zabbix.com/browse/ZBX-23230 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.6EPSS: 0%CPEs: 7EXPL: 0

A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. Se ha encontrado Cross-Site Scripting (XSS) almacenado en la aplicación web Zabbix en el elemento Maps si un campo URL está configurado con espacios antes de la URL. • https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html https://support.zabbix.com/browse/ZBX-23389 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use. • https://support.zabbix.com/browse/ZBX-22989 • CWE-129: Improper Validation of Array Index •

CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy. • https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html https://support.zabbix.com/browse/ZBX-22587 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. • https://lists.debian.org/debian-lts-announce/2023/08/msg00027.html https://support.zabbix.com/browse/ZBX-22588 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •