[Git][security-tracker-team/security-tracker][master] Add new zabbix issues

Fri, 04 Apr 2025 11:48:00 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cd226a29 by Salvatore Bonaccorso at 2025-04-02T22:35:40+02:00
Add new zabbix issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -280,17 +280,22 @@ CVE-2025-0676 (This vulnerability involves command 
injection in tcpdump within M
 CVE-2025-0415 (A remote attacker with web administrator privileges can exploit 
the de ...)
        NOT-FOR-US: Moxa
 CVE-2024-45700 (Zabbix server is vulnerable to a DoS vulnerability due to 
uncontrolled ...)
-       TODO: check
+       - zabbix 1:7.0.10+dfsg-1
+       NOTE: https://support.zabbix.com/browse/ZBX-26253
 CVE-2024-45699 (The endpoint /zabbix.php?action=export.valuemaps suffers from 
a Cross- ...)
-       TODO: check
+       - zabbix <unfixed>
+       NOTE: https://support.zabbix.com/browse/ZBX-26254
+       TODO: check, might be fixed in 1:7.0.9+dfsg-1 already, upstream claims 
7.0.7rc1
 CVE-2024-42325 (Zabbix API user.get returns all users that share common group 
with the ...)
-       TODO: check
+       - zabbix 1:7.0.9+dfsg-1
+       NOTE: https://support.zabbix.com/browse/ZBX-26258
 CVE-2024-39780 (A YAML deserialization vulnerability was found in the Robot 
Operating  ...)
        - ros-dynamic-reconfigure <unfixed>
        NOTE: https://github.com/ros/dynamic_reconfigure/pull/202
        NOTE: Fixed by: 
https://github.com/ros/dynamic_reconfigure/commit/9975cc8b55b3039115da6662cc7279cc65303844
 CVE-2024-36469 (Execution time for an unsuccessful login differs when using a 
non-exis ...)
-       TODO: check
+       - zabbix 1:7.0.9+dfsg-1
+       NOTE: https://support.zabbix.com/browse/ZBX-26255
 CVE-2024-36465 (A low privilege (regular) Zabbix user with API access can use 
SQL inje ...)
        TODO: check
 CVE-2024-13941 (A vulnerability was found in ouch-org ouch up to 0.3.1. It has 
been cl ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd226a29c7a85705c6df36e15005c13b01f8e07e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd226a29c7a85705c6df36e15005c13b01f8e07e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to