In Zabbix Server versions prior to 1:7.0.5+dfsg-1 a low severity vulnerability CVE-2024-42333 was detected. This vulnerability lets attackers access a small portion of server memory by reading memory outside its intended boundaries in the code src/libs/zbxmedia/email.c. This could potentially leak sensitive data. To address this issue, users must upgrade to version 1:7.0.5+dfsg-1 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-42333.
In Zabbix versions from 6.0.0 to 6.0.29 and from 6.4.0 to 6.4.14 a medium severity vulnerability CVE-2024-36464 was detected. This vulnerability allows attackers to retrieve passwords stored in plain text within YAML files if they have access to them, potentially compromising sensitive systems. To fix this issue, users should upgrade Zabbix to versions 6.0.30rc1 or 6.4.15rc1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-36464.
In python-multipart (a streaming multipart parser for Python) versions prior to 0.0.18 a high severity vulnerability CVE-2024-53981 was detected. This vulnerability allows attackers to send specially crafted requests that can overload the server, causing it to become unresponsive and preventing other requests from being processed. To fix this issue, users should upgrade python-multipart to version 0.0.18. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53981.
In PrestaShop version 8.1.4 a medium severity vulnerability CVE-2024-36626 was detected. This vulnerability allows attackers to exploit the function with malformed inputs, potentially causing the application to crash or resulting in a denial of service (DoS). To fix this issue, users should upgrade PrestaShop to version 8.1.5. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-36626.
In Zulip version 8.3 a medium severity vulnerability CVE-2024-36625 was detected. This vulnerability allows attackers to inject malicious scripts into the application, which can then be executed in the context of other users’ browsers. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-36625.
In Zulip version 8.3 a medium severity vulnerability CVE-2024-36624 was detected. This vulnerability allows attackers to exploit the application using Cross Site Scripting (XSS) techniques. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-36624.
In Zulip versions 8.0 to 8.3 a high severity vulnerability CVE-2024-36612 was detected. This vulnerability allows attackers to exploit a memory leak in the handling of popovers. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-36612.
In Zabbix versions 6.0.0 up to 6.0.31, 6.4.0 up to 6.4.16 and 7.0.0 to 7.0.1 a critical severity vulnerability CVE-2024-42327 was detected. This vulnerability allows attackers with API access, even with non-admin accounts, to exploit an SQL injection in the `CUser` class via the `addRelatedObjects` function. To address this issue, users should upgrade Zabbix to versions 6.0.32rc1, 6.4.17rc1 or 7.0.2rc1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-42327.
In Zabbix versions 6.0.0 to 6.0.34, 6.4.0 to 6.4.19, and 7.0.0 to 7.0.4 a low severity vulnerability CVE-2024-42332 was detected. This vulnerability lets attackers send an SNMP (Simple Network Management Protocol) trap with extra data, showing fake information in the Zabbix UI. The attack works if SNMP authentication is off or if the attacker knows the community/authentication details. An SNMP item must also be set as text on the target host. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-42332.