https://github.com|zabbix/zabbix vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the https://github.com|zabbix/zabbix package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Cross-site Scripting (XSS)	[,6.0.37rc1)[6.4.0,6.4.21rc1)[7.0.0,7.0.7rc1)
M Allocation of Resources Without Limits or Throttling	[,6.0.39rc1)[7.0.0alpha1,7.0.10rc1)[7.2.0alpha1,7.4.0alpha1)
L Timing Attack	[,5.0.46rc1)[6.0.0,6.0.38rc1)[7.0.0,7.0.9rc1)[7.2.0,7.2.3rc1)
H SQL Injection	[,7.0.8rc2)[7.2.0alpha1,7.2.2rc1)[7.2.2,7.4.0alpha1)
L Incorrect Authorization	[,5.0.46rc1)[6.0.0alpha1,6.0.38rc1)[7.0.0alpha1,7.0.9rc1)[7.2.0alpha1,7.2.3rc1)[7.2.3,7.4.0alpha1)
H User Impersonation	[6.0.0,6.0.32rc1)[6.4.0,6.4.17rc1)[7.0.0,7.0.1rc1)
M Credential Exposure	[6.0.0,6.0.30rc1)[6.4.0,6.4.15rc1)
M Use After Free	[7.0.1,7.0.4rc1)
H Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	[6.0.0,6.0.35rc1)[6.4.0,6.4.20rc1)[7.0.0,7.0.3rc1)
L Stack-based Buffer Overflow	[7.0.0,7.0.3rc1)
C Use of Externally-Controlled Format String	[6.0.0,6.0.34rc1)[6.4.0,6.4.19rc1)[7.0.0,7.0.4rc1)
C SQL Injection	[6.0.0,6.0.32rc1)[6.4.0,6.4.17rc1)[7.0.0,7.0.1rc1)
M Buffer Over-read	[6.0.0,6.0.34rc1)[6.4.0,6.4.19rc1)[7.0.0,7.0.4rc1)
H Access to Critical Private Variable via Public Method	[5.0.0,5.0.43rc1)[6.0.0,6.0.33rc1)[6.4.0,6.4.18rc1)[7.0.0,7.0.3rc1)
M Unchecked Return Value to NULL Pointer Dereference	[7.0.0,7.0.4rc1)
M Use After Free	[,7.0.4rc1)
M Unchecked Return Value to NULL Pointer Dereference	[,7.0.4rc1)
M Arbitrary File Read	[5.0.0,5.0.43)
H Allocation of Resources Without Limits or Throttling	[7.0.0alpha1,7.0.0rc3)
C Code Injection	[0,)
H Uncontrolled Modification of Pointer Value	[,6.0.31rc1)[6.4.0,6.4.16rc1)[7.0.0alpha1,7.0.1rc1)
L Command Injection	[,5.0.43rc1)[6.0.0,6.0.30rc1)[6.4.0,6.4.16rc1)[7.0.0alpha1,7.0.0rc3)
C Improper Input Validation	[,6.0.28rc1)[6.4.0,6.4.13rc1)[7.0.0alpha1,7.0.0beta2)
L Improper Check for Unusual or Exceptional Conditions	[0,)
M Improper Input Validation	[0,)
C Reliance on Cookies without Validation and Integrity Checking	[0,)
M Improper Input Validation	[0,)
C Improper Control of Generation of Code ('Code Injection')	[5.0.0,5.0.35)[6.0.0,6.0.18)[6.4.0,6.4.3)
H Buffer Overflow	[6.0.0,6.0.21rc1)[6.4.0,6.4.6rc1)[7.0.0alpha1,7.0.0alpha4)
H Improper Input Validation	[4.0.0,4.0.48rc1)[5.0.0,5.0.37rc1)[6.0.0,6.0.21rc1)[6.4.0,6.4.6rc1)[7.0.0alpha1,7.0.0alpha4)
H Incorrect Permission Assignment for Critical Resource	[4.0.0,4.0.20rc1)[4.4.0,4.4.8rc1)[5.0.0alpha3,5.0.0alpha4)
C Incorrect Permission Assignment for Critical Resource	[5.0.0,5.0.37rc1)[6.0.0,6.0.21rc1)[6.4.0,6.4.6rc1)[7.0.0alpha1,7.0.0alpha4)
M Cross-site Scripting (XSS)	[,5.0.32rc1)[6.0.0,6.0.14rc1)[6.2.0,6.2.8rc1)[6.4.0,6.4.0rc1)
M Improper Input Validation	[,5.0.32rc1)[6.0.0,6.0.14rc1)[6.2.0,6.2.8rc1)[6.4.0,6.4.0rc1)
M Cross-site Scripting (XSS)	[,5.0.32rc1)[6.0.0,6.0.14rc1)[6.2.0,6.2.8rc1)[6.4.0,6.4.0rc1)
M Cross-site Scripting (XSS)	[,5.0.32rc1)[6.0.0,6.0.14rc1)[6.2.0,6.2.8rc1)[6.4.0,6.4.0rc1)
M Improper Input Validation	[,5.0.32rc1)[6.0.0,6.0.14rc1)[6.2.0,6.2.8rc1)[6.4.0,6.4.0rc1)
H Information Exposure	[,5.0.32rc1)[6.0.0,6.0.14rc1)[6.2.0,6.2.8rc1)[6.4.0,6.4.0rc1)
M Denial of Service (DoS)	[,5.0.32rc1)[6.0.0,6.0.14rc1)[6.2.0,6.2.8rc1)[6.4.0,6.4.0rc1)
M Improper Input Validation	[,6.0.12rc1)[6.2.0,6.2.6rc1)
M Improper Access Control	[6.0.10,6.0.12rc2)[6.2.5,6.2.6rc2)
H SQL Injection	[,2.0.0)
H Denial of Service (DoS)	[,20061006)
L Access Restriction Bypass	[,2.0.5]
C SQL Injection	[1.8,1.8.17][2.0.0,2.0.9)[2.1.0,2.2.0)
M Information Exposure	[,1.8.7)
M Cross-site Scripting (XSS)	[,1.8.15)
M Cross-site Scripting (XSS)	[,1.8.15)
M Information Exposure	[,1.8.6)
C Improper Input Validation	[,2.0.6]
M Cross-site Scripting (XSS)	[,1.8.3)
M Cross-site Scripting (XSS)	[,3.2.0)[4.0.0,4.0.22)[4.4,4.4.10)[5.0.0,5.0.2)
C XML External Entity (XXE) Injection	[,1.8.21)[2.0.0,2.0.13)[2.2.0,2.2.5)[2.3.0,2.3.2)
H SQL Injection	[,1.8.2)
H Cross-site Scripting (XSS)	[2.4.0,2.5.0)
M Out-of-Bounds	[,1.6)
H Access Restriction Bypass	[,1.6.7)
M Information Exposure	[,4.0.27)[5.0.0,5.0.6)[5.2.0,5.2.2)
H SQL Injection	[,2.0.18)[2.2.0,2.2.13)[3.0.0,3.0.3)
M Resource Management Errors	[,1.8.6)
M Cryptographic Issues	[,1.8.18)[2.0.0,2.0.8)[2.1.0,2.1.2)
C SQL Injection	[,2.2.14)
H SQL Injection	[,1.6.8)
M Command Injection	[,1.8)
H Insecure Encryption	[2.0.8,4.4.0]
M Denial of Service (DoS)	[1.1.2,1.4.3]
H Remote Code Execution (RCE)	[,2.0.0)
M Out-of-Bounds	[,1.6.8)
H Arbitrary Code Injection	[,2.0.9]
H Denial of Service (DoS)	[,20061006)
C Buffer Overflow	[,1.1.5)
H SQL Injection	[,1.8.9)
H SQL Injection	[,1.8.2)
M CVE-2014-1685	[,2.0.0)
H Cross-site Request Forgery (CSRF)	[,4.0.28)[5.0.0,5.0.8)[5.1.0,5.2.4)
H SQL Injection	[,2.0.0)
M Open Redirect	[,2.2.21)[3.0.0,3.0.13)[3.1.0,3.2.9][3.3.0,4.0.0)
M Cross-site Scripting (XSS)	[,1.8.6)
M Improper Authentication	[,2.0.0)
H Arbitrary Command Injection	[2.4.0,2.4.9]
M Improper Authentication	[,2.0.0)
C Arbitrary Code Execution	[2.2.0,3.0.31)
L Information Exposure	[2.4.0,2.4.9]
C Authorization Bypass	[,4.4.1)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

[,6.0.37rc1)[6.4.0,6.4.21rc1)[7.0.0,7.0.7rc1)

Allocation of Resources Without Limits or Throttling

[,6.0.39rc1)[7.0.0alpha1,7.0.10rc1)[7.2.0alpha1,7.4.0alpha1)

Timing Attack

[,5.0.46rc1)[6.0.0,6.0.38rc1)[7.0.0,7.0.9rc1)[7.2.0,7.2.3rc1)

SQL Injection

[,7.0.8rc2)[7.2.0alpha1,7.2.2rc1)[7.2.2,7.4.0alpha1)

Incorrect Authorization

[,5.0.46rc1)[6.0.0alpha1,6.0.38rc1)[7.0.0alpha1,7.0.9rc1)[7.2.0alpha1,7.2.3rc1)[7.2.3,7.4.0alpha1)

User Impersonation

[6.0.0,6.0.32rc1)[6.4.0,6.4.17rc1)[7.0.0,7.0.1rc1)

Credential Exposure

[6.0.0,6.0.30rc1)[6.4.0,6.4.15rc1)

Use After Free

[7.0.1,7.0.4rc1)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

[6.0.0,6.0.35rc1)[6.4.0,6.4.20rc1)[7.0.0,7.0.3rc1)

Stack-based Buffer Overflow

[7.0.0,7.0.3rc1)

Use of Externally-Controlled Format String

[6.0.0,6.0.34rc1)[6.4.0,6.4.19rc1)[7.0.0,7.0.4rc1)

SQL Injection

[6.0.0,6.0.32rc1)[6.4.0,6.4.17rc1)[7.0.0,7.0.1rc1)

Buffer Over-read

[6.0.0,6.0.34rc1)[6.4.0,6.4.19rc1)[7.0.0,7.0.4rc1)

Access to Critical Private Variable via Public Method

[5.0.0,5.0.43rc1)[6.0.0,6.0.33rc1)[6.4.0,6.4.18rc1)[7.0.0,7.0.3rc1)

Unchecked Return Value to NULL Pointer Dereference

[7.0.0,7.0.4rc1)

Use After Free

[,7.0.4rc1)

Unchecked Return Value to NULL Pointer Dereference

[,7.0.4rc1)

Arbitrary File Read

[5.0.0,5.0.43)

Allocation of Resources Without Limits or Throttling

[7.0.0alpha1,7.0.0rc3)

Code Injection

[0,)

Uncontrolled Modification of Pointer Value

[,6.0.31rc1)[6.4.0,6.4.16rc1)[7.0.0alpha1,7.0.1rc1)

Command Injection

[,5.0.43rc1)[6.0.0,6.0.30rc1)[6.4.0,6.4.16rc1)[7.0.0alpha1,7.0.0rc3)

Improper Input Validation

[,6.0.28rc1)[6.4.0,6.4.13rc1)[7.0.0alpha1,7.0.0beta2)

Improper Check for Unusual or Exceptional Conditions

[0,)

Improper Input Validation

[0,)

Reliance on Cookies without Validation and Integrity Checking

[0,)

Improper Input Validation

[0,)

Improper Control of Generation of Code ('Code Injection')

[5.0.0,5.0.35)[6.0.0,6.0.18)[6.4.0,6.4.3)

Buffer Overflow

[6.0.0,6.0.21rc1)[6.4.0,6.4.6rc1)[7.0.0alpha1,7.0.0alpha4)

Improper Input Validation

[4.0.0,4.0.48rc1)[5.0.0,5.0.37rc1)[6.0.0,6.0.21rc1)[6.4.0,6.4.6rc1)[7.0.0alpha1,7.0.0alpha4)

Incorrect Permission Assignment for Critical Resource

[4.0.0,4.0.20rc1)[4.4.0,4.4.8rc1)[5.0.0alpha3,5.0.0alpha4)

Incorrect Permission Assignment for Critical Resource

[5.0.0,5.0.37rc1)[6.0.0,6.0.21rc1)[6.4.0,6.4.6rc1)[7.0.0alpha1,7.0.0alpha4)

Cross-site Scripting (XSS)