CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32724 – JavaScript engine memory pointers are directly available for Zabbix users for modification
https://notcve.org/view.php?id=CVE-2023-32724
Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. El puntero de memoria está en una propiedad del objeto Ducktape. Esto conduce a múltiples vulnerabilidades relacionadas con el acceso directo y la manipulación de la memoria. • https://support.zabbix.com/browse/ZBX-23391 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.6EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32722 – Stack-buffer Overflow in library module zbxjson
https://notcve.org/view.php?id=CVE-2023-32722
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. El módulo zabbix/src/libs/zbxjson es vulnerable a un desbordamiento del búfer al analizar archivos JSON a través de zbx_json_open. • https://support.zabbix.com/browse/ZBX-23390 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 0%CPEs: 7EXPL: 0CVE-2023-32721 – Stored XSS in Maps element
https://notcve.org/view.php?id=CVE-2023-32721
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. Se ha encontrado Cross-Site Scripting (XSS) almacenado en la aplicación web Zabbix en el elemento Maps si un campo URL está configurado con espacios antes de la URL. • https://lists.debian.org/debian-lts-announce/2024/01/msg00012.html https://support.zabbix.com/browse/ZBX-23389 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •