Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3a4e8f5d by Moritz Muehlenhoff at 2023-07-14T19:11:44+02:00
new zabbix issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12972,25 +12972,37 @@ CVE-2023-29460 (An arbitrary code execution 
vulnerability contained in Rockwell
 CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android 
exposes the  ...)
        NOT-FOR-US: laola.redbull
 CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a 
focus on  ...)
-       TODO: check
+       - zabbix <unfixed>
+       NOTE: This appears to be bug in Zabbix's use of duktape, not an issue 
in src:duktape per se
+       NOTE: https://support.zabbix.com/browse/ZBX-22989
 CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is 
reflected off  ...)
-       TODO: check
+       - zabbix <unfixed>
+       NOTE: https://support.zabbix.com/browse/ZBX-22988
 CVE-2023-29456 (URL validation scheme receives input from a user and then 
parses it to ...)
-       TODO: check
+       - zabbix <unfixed>
+       NOTE: https://support.zabbix.com/browse/ZBX-22987
 CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, 
occur whe ...)
-       TODO: check
+       - zabbix <unfixed>
+       NOTE: https://support.zabbix.com/browse/ZBX-22986
 CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of 
XSS where ...)
-       TODO: check
+       - zabbix <unfixed>
+       NOTE: https://support.zabbix.com/browse/ZBX-22985
 CVE-2023-29453
        RESERVED
 CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> 
Geograph ...)
-       TODO: check
+       - zabbix <unfixed>
+       [bullseye] - zabbix <not-affected> (5.x not affected)
+       NOTE: https://support.zabbix.com/browse/ZBX-22981
 CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the 
JSON parser ...)
-       TODO: check
+       - zabbix <unfixed>
+       [bullseye] - zabbix <not-affected> (5.x not affected)
+       NOTE: https://support.zabbix.com/browse/ZBX-22587
 CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain 
access t ...)
-       TODO: check
+       - zabbix <unfixed>
+       NOTE: https://support.zabbix.com/browse/ZBX-22588
 CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can 
cause uncont ...)
-       TODO: check
+       - zabbix <unfixed>
+       NOTE: https://support.zabbix.com/browse/ZBX-22589
 CVE-2023-29448
        RESERVED
 CVE-2023-29447
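Review bot: The `[bullseye] - zabbix <not-affected> (5.x not affected)` lines under CVE-2023-29452 and CVE-2023-29451 give a version-range rationale without recording where it comes from. A NOTE naming the introducing version or upstream commit would let later triage verify the claim instead of re-reading the ZBX tickets. The other seven entries carry only `- zabbix <unfixed>` with no suite-specific line, so every suite inherits that status. It is worth confirming this was checked per suite rather than left at the default, and adding a bug reference to the `<unfixed>` lines once one is filed. Minor: in the CVE-2023-29458 NOTE, "appears to be bug" should read "appears to be a bug".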



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a4e8f5d232f58fd40c6c63f7abd5a5843ac7b9b



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
