vulnerability
Ubuntu: USN-4767-1 (CVE-2016-4338): Zabbix vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jan 23, 2017 | Mar 22, 2023 | Aug 18, 2025 |
Description
Fu Chuang discovered that Zabbix did not properly parse IPs. A remote
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2020-11800)
It was discovered that Zabbix incorrectly handled certain requests. A
remote attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2017-2824, CVE-2017-2825)
It was discovered that Zabbix incorrectly handled certain XML files. A
remote attacker could possibly use this issue to read arbitrary files or
potentially execute arbitrary code. This issue only affected
Ubuntu 14.04 ESM. (CVE-2014-3005)
It was discovered that Zabbix incorrectly handled certain inputs. A remote
attacker could possibly use this issue to execute arbitrary SQL commands.
This issue only affected Ubuntu 14.04 ESM. (CVE-2016-10134, CVE-2016-4338)
It was discovered that Zabbix incorrectly handled the request parameter. A
remote attacker could possibly use this issue to redirect requests to
external links. This issue only affected Ubuntu 14.04 ESM and
Ubuntu 18.04 ESM. (CVE-2016-10742)
It was discovered that Zabbix incorrectly handled failed login attempts. A
remote attacker could possibly use this issue to enumerate users.
(CVE-2019-15132)
It was discovered that Zabbix did not properly validate input. A remote
attacker could exploit this to conduct cross-site scripting (XSS) attacks.
This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and
Ubuntu 20.04 ESM. (CVE-2020-15803)
Solutions
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.