Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
92441897 by Salvatore Bonaccorso at 2025-10-05T21:31:54+02:00
Add Debian bug references for zabbix issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -902,7 +902,7 @@ CVE-2025-49844 (Redis is an open source, in-memory database
that persists on dis
NOTE:
https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539
(8.2.2)
NOTE:
https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e
CVE-2025-49641 (A regular Zabbix user with no permission to the Monitoring ->
Problems ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1117448)
NOTE: https://support.zabbix.com/browse/ZBX-27063
NOTE: Fixed in: 6.0.41, 7.0.18, 7.2.12, 7.4.2
CVE-2025-48730 (A use of externally-controlled format string vulnerability has
been re ...)
@@ -976,11 +976,11 @@ CVE-2025-27237 (In Zabbix Agent and Agent 2 on Windows,
the OpenSSL configuratio
- zabbix <not-affected> (Only affects Zabbix Agent and Agent2 on
Windows)
NOTE: https://support.zabbix.com/browse/ZBX-27061
CVE-2025-27236 (A regular Zabbix user can search other users in their user
group via Z ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1117448)
NOTE: https://support.zabbix.com/browse/ZBX-27060
NOTE: Fixed in: 6.0.41, 7.0.17, 7.2.11, 7.4.1
CVE-2025-27231 (The LDAP 'Bind password' value cannot be read after saving,
but a Supe ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1117448)
NOTE: https://support.zabbix.com/browse/ZBX-27062
NOTE: Fixed in: 6.0.41, 7.0.18, 7.2.12, 7.4.2
CVE-2025-11234 (A flaw was found in QEMU. If the QIOChannelWebsock object is
freed whi ...)
@@ -9750,7 +9750,7 @@ CVE-2025-27240 (A Zabbix adminitrator can inject
arbitrary SQL during the autore
NOTE: https://support.zabbix.com/browse/ZBX-26986
NOTE: Fixed in 6.0.34, 6.4.19, 7.0.4
CVE-2025-27238 (Due to a bug in Zabbix API, the hostprototype.get method lists
all hos ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1117448)
NOTE: https://support.zabbix.com/browse/ZBX-26988
NOTE: Fixed in 7.0.14, 7.2.8
CVE-2025-27234 (Zabbix Agent 2 smartctl plugin does not properly sanitize
smart.disk.g ...)
@@ -9760,7 +9760,7 @@ CVE-2025-27234 (Zabbix Agent 2 smartctl plugin does not
properly sanitize smart.
NOTE: 6.0.0 series onwards as the fixed version as workaround.
NOTE: Fixed in 5.0.47
CVE-2025-27233 (Zabbix Agent 2 smartctl plugin does not properly sanitize
smart.disk.g ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1117448)
NOTE: https://support.zabbix.com/browse/ZBX-26987
NOTE: Fixed upstream in 6.0.40, 7.0.11, 7.2.5
CVE-2025-10365 (The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet
Switching Fab ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92441897fc9adc0e9bd609b7a1304ff7a0f1b7b8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92441897fc9adc0e9bd609b7a1304ff7a0f1b7b8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
