ALT-PU-2013-1262-1
Closed vulnerabilities
Published: 2014-01-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2012-6086
libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Severity: MEDIUM (4.3)
References:
Published: 2019-12-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2013-5743
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- https://admin.fedoraproject.org/updates/zabbix-1.8.18-1.el6
- https://admin.fedoraproject.org/updates/zabbix-1.8.18-1.el6
- https://admin.fedoraproject.org/updates/zabbix20-2.0.8-3.el6
- https://admin.fedoraproject.org/updates/zabbix20-2.0.8-3.el6
- https://admin.fedoraproject.org/updates/zabbix20-2.0.9-1.el5
- https://admin.fedoraproject.org/updates/zabbix20-2.0.9-1.el5
- https://support.zabbix.com/browse/ZBX-7091
- https://support.zabbix.com/browse/ZBX-7091
Published: 2013-12-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2013-6824
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
Severity: HIGH (7.5)
References:
- GLSA-201401-26
- GLSA-201401-26
- http://www.zabbix.com/rn1.8.19rc1.php
- http://www.zabbix.com/rn1.8.19rc1.php
- http://www.zabbix.com/rn2.0.10rc1.php
- http://www.zabbix.com/rn2.0.10rc1.php
- http://www.zabbix.com/rn2.2.1rc1.php
- http://www.zabbix.com/rn2.2.1rc1.php
- https://support.zabbix.com/browse/ZBX-7479
- https://support.zabbix.com/browse/ZBX-7479