Skip to main content
CVE-2024-42332 LOW Monitor

The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
3.7
EPSS
0.6%
CVE-2024-42331 LOW Monitor

In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Zabbix
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2024-42329 LOW Monitor

The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Zabbix
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-36464 LOW Monitor

When exporting media types, the password is exported in the YAML in plain text. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
2.7
EPSS
0.5%
CVE-2024-42333 LOW Monitor

The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Zabbix
NVD
CVSS 3.1
2.7
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy