Vjaceslavs Bogdanovs

**Name of the Vulnerable Software and Affected Versions** Browser object (affected versions not specified) Zabbix (affected versions not specified) **Description** The issue is related to the handling of data downloaded from an HTTP server by the Browser object's web driver. When the server's response is an empty document, the data pointer remains NULL, and attempting to read from it results in a crash. This is due to the `curl write cb` function not allocating the data pointer until data is received. The vulnerability can be exploited to cause a denial of service (DoS). **Recommendations** For the Browser object, consider implementing a check to ensure the data pointer is not NULL before attempting to read from it. For Zabbix, as a temporary workaround, consider restricting access to the `curl write cb` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified) Description: The issue is related to the improper handling of SNMP trap log output, allowing an attacker to manipulate SNMP traps with additional information and display forged data in the Zabbix user interface. This attack requires that SNMP authentication be disabled or that the attacker knows the community or authentication details. It also requires an SNMP item to be configured as text on the target host. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified) Description: The issue is related to the use of uncontrolled format strings when processing HttpRequest objects, which can allow a remote attacker to gain unauthorized access to protected information. The problem lies in the fact that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript, allowing the creation of internal strings that can be used to access hidden properties of objects. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zabbix server/proxy (affected versions not specified) Description: The issue is a stack buffer overflow in the `zbx snmp cache handle engineid` function within the Zabbix server/proxy code. This problem occurs when copying data from `session->securityEngineID` to `local record.engineid` without proper bounds checking. The exploitation of this issue may allow a remote attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbi (affected versions not specified) **Description** A use after free error was discovered in the `es browser get variant` function, which can lead to a denial of service (DoS) when exploited. The issue is related to the use of memory after it has been freed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to the webdriver session query function in Zabbix, which can lead to a null pointer dereference. This can cause a denial of service (DoS) when the function fails without providing an error description, resulting in a crash when trying to read from a null error object. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to a use-after-free bug in the Zabbix monitoring system. This bug occurs when the `wd->browser` heap pointer is freed by garbage collection, potentially allowing an attacker to cause a denial of service (DoS). The bug is associated with the `es browser ctor` method in the `src/libs/zbxembed/browser.c` file, which retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is then utilized by the `browser push error` method in the `src/libs/zbxembed/browser error.c` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue concerns the export of media types where the password is exported in the YAML in plain text. This is considered a best practices issue and may have no actual impact, as users who can access the media types are expected to have access to these passwords. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zabbix versions 6.0.0 through 6.0.31 Zabbix versions 6.4.0 through 6.4.16 Zabbix version 7.0.0 Description: A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access, can exploit this vulnerability. An SQL injection exists in the CUser class in the `addRelatedObjects` function, which is called from the `CUser.get` function. This function is available for every user who has API access. The vulnerability allows attackers to escalate privileges and gain full control of the system by sending a specially crafted SQL query through the API. Over 143,000 services are potentially affected. Recommendations: For Zabbix versions 6.0.0 through 6.0.31, update to version 6.0.32rc1 or later. For Zabbix versions 6.4.0 through 6.4.16, update to version 6.4.17rc1 or later. For Zabbix version 7.0.0, update to version 7.0.1rc1 or later. As a temporary workaround, consider restricting access to the `CUser.get` function and the `addRelatedObjects` function until a patch is available. Avoid using the API endpoint that calls these functions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zabbix versions prior to 7.0.3 **Description** The issue is related to insufficient input validation in the Zabbix universal monitoring system. This can allow a remote attacker to elevate their privileges. When a URL is added to the map element, it is recorded in the database with sequential IDs. However, if a user manually changes the `sysmapelementurlid` value, it can prevent others from adding URLs to the map element. **Recommendations** For Zabbix versions prior to 7.0.3, upgrade the system to a version that contains the fix for this issue to mitigate the risk. As a temporary workaround, consider restricting access to the `sysmapelementurlid` value to prevent manual changes. Avoid using the `sysmapelementurlid` value in a way that could allow an attacker to manipulate it and elevate their privileges.

Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified) Description: The issue is related to a buffer overflow in the str base64 encode rfc2047() function of the Zabbix server, which is part of a universal monitoring system. This can be exploited by a remote attacker to cause a denial of service. Additionally, it has been demonstrated that an out of bounds read in src/libs/zbxmedia/email.c can lead to a small amount of memory leakage from the Zabbix server. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified) Description: The issue is related to weaknesses in the authorization procedure of the Zabbix monitoring system. It allows a remote attacker to elevate their privileges. An authenticated user with access to the API, specifically the `user.update` API endpoint, can add themselves to any group, except for disabled groups or those with restricted GUI access. Recommendations: For all affected versions, consider restricting access to the `user.update` API endpoint until a patch is available. As a temporary workaround, restrict users' ability to add themselves to sensitive groups, such as Administrators. Limit API access to only necessary users and roles to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zabbix versions prior to 7.0.2 Description: The issue is related to the implementation of `atob` in "Zabbix JS", which allows creating a string with arbitrary content to access internal properties of objects. This can potentially lead to data exposure. The vulnerability is associated with access to a critical private variable through a public method, which can be exploited by a remote attacker to impact the integrity of protected information. Recommendations: For versions prior to 7.0.2, upgrade Zabbix to a newer version to mitigate the risk of data exposure. As a temporary workaround, consider restricting access to the `atob` method in "Zabbix JS" to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified) Description: A bug in the code allows an attacker to sign a forged `zbx session` cookie, which then allows them to sign in with admin permissions. This issue is related to the authentication mechanism, specifically allowing attackers to bypass authentication via spoofing. Exploitation of this issue can enable a remote attacker to bypass existing security restrictions and elevate their privileges using a specially crafted signed `zbx session` cookie. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to uncontrolled CPU, memory, and disk I/O utilization caused by JavaScript preprocessing, webhooks, and global scripts. This can be exploited to cause a denial of service. The security risk is limited because configuration and testing of these scripts are only available to Administrative roles, such as Admin and Superadmin. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.