Versions
7.0.1rc
2.0.9
4.0.45
6.4.0rc1
6.4.16rc1
5.0.0
4.4.7rc1
4.0.47rc1
4.0.49
7.0.0alpha1
4.4.*
7.0.5rc1
6.0.30
5.0.0alpha4
6.4.7
6.0.20
6.0.22rc1
4.0.48rc1
6.4.3rc1
6.0.34rc1
6.4.0beta6
7.0.0alpha6
6.0.22
6.4.4rc1
7.0.0alpha3
5.0.0alpha1
5.0.42
6.2.9rc2
6.0.16
4.0.0
6.4.13rc1
5.0.44rc1
6.4.12
6.4.6
6.2.8rc1
6.0.19rc1
4.4.8rc1
6.4.8
5.0.39rc1
4.4.0
5.4.0alpha1
6.4.7rc1
6,0,0
6.4.2rc1
7.0.0alpha2
7.0.1rc1
5.0.35
6.0.24
7.0.2
5.0.32rc1
7.0.0beta1
4.0.47
6.0.29
6.4.19rc1
5.0.40
6.0.33rc1
6.0.35rc1
7.0.3
7.0.0alpha7
5.0.34
6.0.23
6.4.0
7.0.2rc1
6.4.3
5.0.43rc1
6.2.8
6.2
5.0.38
5.2.*
6.4.20rc1
7.0.0alpha8
6.0.21rc1
5.0.43
6.0.32rc1
6.0.32
4.0.19rc1
6.0.13
6.0.28rc1
4.0.46
5.0
6.0.31
7.0.4rc1
7.0.0
7.0.1
5.0.40rc1
6.4.1rc2
6.0.15rc1
6.0.30rc1
5,0,0
6.4.18
7.0.0alpha4
6.0.27
7.0.3rc1
4.0.46rc1
6.0.21
6.4.2
6.0.18rc1
6.0.23rc1
4.4.4
6.0.33
6.4.6rc1
5.2.0alpha1
7.2.0alpha1
6.0
6.4.9
6.4
6.4.8rc1
5.0.31
6.4.15
6.0.0alpha1
6.0.31rc1
6.4.0alpha1
5.0.36rc1
5.4.*
7.0.0rc2
5.0.35rc1
7.0.0rc3
5.0.37rc1
4.0.50
6.0.14
6.0.14rc1 (6.0.16 is recommended)
6.0.18
6.4.18rc1
6.4.16
5.0.39
6.4.17
4.0.20rc1
5.0.33
6.4.0rc2
6.0.24rc1
6.0.17
5.0.36
6.2.0alpha1
6.0.0
6.4.9rc1
6.2.7
6.4.5
6.4.17rc1
Recent CVEs
CVE-2024-22114
A user with no permission to any of the hosts can access and view the host count and other statistics through the System Information widget in the Global View dashboard.
CVE-2024-36461
Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.
CVE-2024-22120
Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit a time-based blind SQL injection.
CVE-2023-32728
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command, resulting in a possible remote code execution vulnerability.
CVE-2023-32726
The vulnerability is caused by an improper check of whether RDLENGTH overflows the buffer in the response from the DNS server.
CVE-2023-32725
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
CVE-2023-29456
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.
CVE-2023-29454
Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.
CVE-2023-29452
Currently, the geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when the “Other” tile provider is selected.
CVE-2023-29451
A specially crafted string can cause a buffer overrun in the JSON parser library, leading to a crash of the Zabbix Server or a Zabbix Proxy.