VulnerableCode Package Details - pkg:deb/debian/zabbix@1:5.0.46%2Bdfsg-1%2Bdeb11u1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-172p-q6d5-9ya3	Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.	CVE-2024-36469
VCID-3g1d-2tvh-akh4	Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash.	CVE-2024-45700
VCID-mhx5-hcg2-wfc4	The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.	CVE-2024-45699
VCID-psak-h1x6-1kca	Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.	CVE-2024-42325

Vulnerability

Summary

Aliases

VCID-172p-q6d5-9ya3

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one.

CVE-2024-36469

VCID-3g1d-2tvh-akh4

Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash.

CVE-2024-45700

VCID-mhx5-hcg2-wfc4

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

CVE-2024-45699

VCID-psak-h1x6-1kca

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc.

CVE-2024-42325

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T07:59:12.229751+00:00	Debian Importer	Fixing	VCID-3g1d-2tvh-akh4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:59:12.173163+00:00	Debian Importer	Fixing	VCID-mhx5-hcg2-wfc4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:59:11.630574+00:00	Debian Importer	Fixing	VCID-psak-h1x6-1kca	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:59:11.573963+00:00	Debian Importer	Fixing	VCID-172p-q6d5-9ya3	https://security-tracker.debian.org/tracker/data/json	38.1.0