CVSS: 6.5EPSS: %CPEs: 4EXPL: 0CVE-2024-36463
https://notcve.org/view.php?id=CVE-2024-36463
The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects. • https://support.zabbix.com/browse/ZBX-25611 • CWE-767: Access to Critical Private Variable via Public Method •
CVSS: 2.2EPSS: %CPEs: 3EXPL: 0CVE-2024-22117 – Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs is added
https://notcve.org/view.php?id=CVE-2024-22117
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element. • https://support.zabbix.com/browse/ZBX-25610 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2024-22119 – Stored XSS in graph items select form
https://notcve.org/view.php?id=CVE-2024-22119
The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. La causa de la vulnerabilidad es la validación inadecuada del campo de entrada del formulario "Nombre" en la página Gráfico en la sección Elementos. • https://lists.debian.org/debian-lts-announce/2024/04/msg00020.html https://support.zabbix.com/browse/ZBX-24070 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-32724 – JavaScript engine memory pointers are directly available for Zabbix users for modification
https://notcve.org/view.php?id=CVE-2023-32724
Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. El puntero de memoria está en una propiedad del objeto Ducktape. Esto conduce a múltiples vulnerabilidades relacionadas con el acceso directo y la manipulación de la memoria. • https://support.zabbix.com/browse/ZBX-23391 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.6EPSS: 0%CPEs: 5EXPL: 0CVE-2023-32722 – Stack-buffer Overflow in library module zbxjson
https://notcve.org/view.php?id=CVE-2023-32722
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. El módulo zabbix/src/libs/zbxjson es vulnerable a un desbordamiento del búfer al analizar archivos JSON a través de zbx_json_open. • https://support.zabbix.com/browse/ZBX-23390 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •