VulnerableCode Package Details - pkg:deb/debian/zabbix@1:7.0.1%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9jfn-6nvg-a3b6	A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.	CVE-2024-42327
VCID-gp3f-yz9h-eqax	The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.	CVE-2024-36460
VCID-hgbt-8rz5-q3a9	Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service (DoS) attack or degrade the performance of the affected system.	CVE-2024-36462
VCID-nrkb-pzcu-8ueg	Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.	CVE-2024-36461
VCID-ry8x-mjbp-qqct	A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.	CVE-2024-36466

Vulnerability

Summary

Aliases

VCID-9jfn-6nvg-a3b6

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.

CVE-2024-42327

VCID-gp3f-yz9h-eqax

The front-end audit log allows viewing of unprotected plaintext passwords, where the passwords are displayed in plain text.

CVE-2024-36460

VCID-hgbt-8rz5-q3a9

Uncontrolled resource consumption refers to a software vulnerability where a attacker or system uses excessive resources, such as CPU, memory, or network bandwidth, without proper limitations or controls. This can cause a denial-of-service (DoS) attack or degrade the performance of the affected system.

CVE-2024-36462

VCID-nrkb-pzcu-8ueg

Within Zabbix, users have the ability to directly modify memory pointers in the JavaScript engine.

CVE-2024-36461

VCID-ry8x-mjbp-qqct

A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.

CVE-2024-36466

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:07:46.115744+00:00	Debian Importer	Fixing	VCID-hgbt-8rz5-q3a9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T06:48:11.488937+00:00	Debian Importer	Fixing	VCID-hgbt-8rz5-q3a9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:59:11.767965+00:00	Debian Importer	Fixing	VCID-9jfn-6nvg-a3b6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:59:11.410091+00:00	Debian Importer	Fixing	VCID-ry8x-mjbp-qqct	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:59:11.182485+00:00	Debian Importer	Fixing	VCID-hgbt-8rz5-q3a9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:59:11.123262+00:00	Debian Importer	Fixing	VCID-nrkb-pzcu-8ueg	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:59:11.059037+00:00	Debian Importer	Fixing	VCID-gp3f-yz9h-eqax	https://security-tracker.debian.org/tracker/data/json	38.1.0