In Browser WebDriver for Zabbix versions from 7.0.0 to 7.0.3 a medium severity vulnerability CVE-2024-42328 was detected. This vulnerability allows attackers to crash the application by exploiting a NULL pointer dereference when the server returns an empty response. To fix this issue, users should upgrade Zabbix to version 7.0.4rc1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-42328.
Read more MonitoringIn Zabbix versions from 6.0.0 to 6.0.33, from 6.4.0 to 6.4.18, from 7.0.0 to 7.0.3 a critical severity vulnerability CVE-2024-42330 was detected. This vulnerability allows attackers to manipulate HTTP headers to access hidden properties of objects by exploiting improper encoding of server data for JavaScript. To fix this issue, users should upgrade Zabbix to versions 6.0.34rc1, 6.4.19rc1, and 7.0.4rc1. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-42330.
Read more MonitoringIn Zabbix Server versions prior to 1:7.0.5+dfsg-1 a low severity vulnerability CVE-2024-42333 was detected. This vulnerability lets attackers access a small portion of server memory by reading memory outside its intended boundaries in the code src/libs/zbxmedia/email.c. This could potentially leak sensitive data. To address this issue, users must upgrade to version 1:7.0.5+dfsg-1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-42333.
Read more MonitoringIn Zabbix versions from 6.0.0 to 6.0.29 and from 6.4.0 to 6.4.14 a medium severity vulnerability CVE-2024-36464 was detected. This vulnerability allows attackers to retrieve passwords stored in plain text within YAML files if they have access to them, potentially compromising sensitive systems. To fix this issue, users should upgrade Zabbix to versions 6.0.30rc1 or 6.4.15rc1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-36464.
Read more MonitoringIn Zabbix versions 6.0.0 up to 6.0.31, 6.4.0 up to 6.4.16 and 7.0.0 to 7.0.1 a critical severity vulnerability CVE-2024-42327 was detected. This vulnerability allows attackers with API access, even with non-admin accounts, to exploit an SQL injection in the `CUser` class via the `addRelatedObjects` function. To address this issue, users should upgrade Zabbix to versions 6.0.32rc1, 6.4.17rc1 or 7.0.2rc1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-42327.
Read more MonitoringIn Zabbix versions 6.0.0 to 6.0.34, 6.4.0 to 6.4.19, and 7.0.0 to 7.0.4 a low severity vulnerability CVE-2024-42332 was detected. This vulnerability lets attackers send an SNMP (Simple Network Management Protocol) trap with extra data, showing fake information in the Zabbix UI. The attack works if SNMP authentication is off or if the attacker knows the community/authentication details. An SNMP item must also be set as text on the target host. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-42332.
Read more MonitoringIn Sentry version 24.11.0 a medium severity vulnerability CVE-2024-53253 was detected. A specific error message could expose a plaintext Client ID and Client Secret in the HTTP response. This issue affects self-hosted users with custom integrations. To address this issue, upgrade to the latest version or downgrade to 24.10.0. For Sentry SaaS users, no action is needed as the issue was resolved. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-53253.
Read more MonitoringIn LibreNMS versions before 24.10.0 a medium severity vulnerability CVE-2024-50352 was detected. This vulnerability allows attackers to inject malicious JavaScript through the “name” field in the “Services” section. To address this issue, update to LibreNMS version 24.10.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-50352.
Read more MonitoringIn LibreNMS versions before 24.10.0 a medium severity vulnerability CVE-2024-50355 was detected. This vulnerability allows attackers with Admin role to inject JavaScript code into the device Display Name, which is not properly sanitized. The injected code can be triggered from different sources. To address this issue, update to LibreNMS version 24.10.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-50355.
Read more Monitoring