Neil Williams pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
76dc57b1 by Neil Williams at 2022-02-14T11:43:18+00:00
CVE-2021-46088/zabbix <undetermined> - closed as a feature upstream
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9189,7 +9189,11 @@ CVE-2021-46090
CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that
can oper ...)
NOT-FOR-US: JeecgBoot
CVE-2021-46088 (Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote
Code Exe ...)
- TODO: check
+ - zabbix <undetermined>
+ NOTE: closed upstream as a "feature", then changed in 5.4 to make the
attack less likely
+ NOTE: https://github.com/paalbra/zabbix-zbxsec-7
+ NOTE:
https://www.zabbix.com/documentation/3.0/en/manual/config/notifications/action/operation/remote_command
+ NOTE:
https://www.zabbix.com/documentation/current/en/manual/config/notifications/action/operation/remote_command#access-permissions
CVE-2021-46087 (In jfinal_cms >= 5.1 0, there is a storage XSS
vulnerability in the ...)
NOT-FOR-US: jfinal_cms
CVE-2021-46086 (xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions.
The fron ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76dc57b1a22a2b554029c977389923e0500b3012
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76dc57b1a22a2b554029c977389923e0500b3012
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
