Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for zabbix.

CVE-2023-32721[0]:
| A stored XSS has been found in the Zabbix web application in the
| Maps element if a URL field is set with spaces before URL.

https://support.zabbix.com/browse/ZBX-23389

CVE-2023-32722[1]:
| The zabbix/src/libs/zbxjson module is vulnerable to a buffer
| overflow when parsing JSON files via zbx_json_open.

https://support.zabbix.com/browse/ZBX-23390

CVE-2023-32723[2]:
| Request to LDAP is sent before user permissions are checked.

https://support.zabbix.com/browse/ZBX-23230

CVE-2023-32724[3]:
| Memory pointer is in a property of the Ducktape object. This leads
| to multiple vulnerabilities related to direct memory access and
| manipulation.

https://support.zabbix.com/browse/ZBX-23391

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-32721
    https://www.cve.org/CVERecord?id=CVE-2023-32721
[1] https://security-tracker.debian.org/tracker/CVE-2023-32722
    https://www.cve.org/CVERecord?id=CVE-2023-32722
[2] https://security-tracker.debian.org/tracker/CVE-2023-32723
    https://www.cve.org/CVERecord?id=CVE-2023-32723
[3] https://security-tracker.debian.org/tracker/CVE-2023-32724
    https://www.cve.org/CVERecord?id=CVE-2023-32724

Please adjust the affected versions in the BTS as needed.