Debian 11 bullseye: DLA-4131-1 moderate: Zabbix remote code execution
debian lts
April 19, 2025
Several security vulnerabilities have been discovered in zabbix, a network monitoring solution, potentially among other effects allowing denial of service, information disclosure o...
Summary
CVE-2024-36469
Execution time for an unsuccessful login differs when using a
non-existing username compared to using an existing one.
CVE-2024-42325
Zabbix API user.get returns all users that share common group with the
calling user. This includes media and other information, such as login
attempts, etc.
CVE-2024-45699
The endpoint /zabbix.php?action=export.valuemaps suffers from a
Cross-Site Scripting vulnerability via the backurl parameter. This is
caused by the reflection of user-supplied data without appropriate HTML
escaping or output encoding. As a result, a JavaScript payload may be
injected into the above endpoint causing it to be executed within the
context of the victim's browser.
CVE-2024-45700
Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled
resource exhaustion. An attacker can send specially crafted requests to
the server, which will cause the server to allocate an excessive amount
PREVIOUS
NEXT
Package: zabbix
Version: 1:5.0.46+dfsg-1+deb11u1
CVE ID: CVE-2024-36469 CVE-2024-42325 CVE-2024-45699 CVE-2024-45700
Debian Bug:
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!