ALT Linux Team

Package zabbix update in c10f1 on 2024-02-05

ALT-PU-2024-1565-3

Package zabbix updated to version 6.0.25-alt0.c10f1.1 for branch c10f1 in task 339367.

Closed vulnerabilities

Published: 2023-05-11

BDU:2023-06803

Уязвимость интерфейса универсальной системы мониторинга Zabbix, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: HIGH (7.6) Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
References:
Published: 2023-09-11

BDU:2023-08246

Уязвимость модуля zabbix/src/libs/zbxjson универсальной системы мониторинга Zabbix, позволяющая нарушителю выполнить произвольный код

Severity: CRITICAL (9.6) Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
References:
Published: 2023-12-18

BDU:2024-00033

Уязвимость функции icmpping универсальной системы мониторинга Zabbix, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.2) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-12-18

BDU:2024-00645

Уязвимость компонента DNS Response Handler агента универсальной системы мониторинга Zabbix, позволяющая нарушителю вызвать переполнение буфера

Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-10-12
Modified: 2024-11-21

CVE-2023-32721

A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References:
Published: 2023-10-12
Modified: 2024-11-21

CVE-2023-32722

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-10-12
Modified: 2024-11-21

CVE-2023-32724

Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-12-18
Modified: 2024-11-21

CVE-2023-32726

The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-12-18
Modified: 2024-11-21

CVE-2023-32727

An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.

Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2023-12-18
Modified: 2024-11-21

CVE-2023-32728

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top