Zabbix: Security Vulnerabilities
zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.
CVSS Score
4.3
EPSS Score
0.059
Published
2008-03-17
zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.
CVSS Score
2.1
EPSS Score
0.001
Published
2007-12-04
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
CVSS Score
10.0
EPSS Score
0.009
Published
2007-01-31
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.
CVSS Score
7.5
EPSS Score
0.06
Published
2006-12-21
Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions.
CVSS Score
7.5
EPSS Score
0.01
Published
2006-12-21
Page 12