cbcvebase.
CVE-2006-6692
published 2006-12-21

CVE-2006-6692: Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute…

PriorityP336high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
7.79%
93.9th percentile
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianzabbix< zabbix 1:1.1.2-4 (bookworm)zabbix 1:1.1.2-4 (bookworm)
zabbixzabbix
zabbixzabbix>= 0 < 1:1.1.2-41:1.1.2-4
zabbixzabbix>= 0 < 1:1.1.2-41:1.1.2-4
zabbixzabbix>= 0 < 1:1.1.2-41:1.1.2-4
zabbixzabbix>= 0 < 1:1.1.2-41:1.1.2-4

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.