[Git][security-tracker-team/security-tracker][master] new zabbix issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jul 14 18:12:33 BST 2023
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a4e8f5d by Moritz Muehlenhoff at 2023-07-14T19:11:44+02:00
new zabbix issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12972,25 +12972,37 @@ CVE-2023-29460 (An arbitrary code execution vulnerability contained in Rockwell
CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android exposes the ...)
NOT-FOR-US: laola.redbull
CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a focus on ...)
- TODO: check
+ - zabbix <unfixed>
+ NOTE: This appears to be bug in Zabbix's use of duktape, not an issue in src:duktape per se
+ NOTE: https://support.zabbix.com/browse/ZBX-22989
CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is reflected off ...)
- TODO: check
+ - zabbix <unfixed>
+ NOTE: https://support.zabbix.com/browse/ZBX-22988
CVE-2023-29456 (URL validation scheme receives input from a user and then parses it to ...)
- TODO: check
+ - zabbix <unfixed>
+ NOTE: https://support.zabbix.com/browse/ZBX-22987
CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, occur whe ...)
- TODO: check
+ - zabbix <unfixed>
+ NOTE: https://support.zabbix.com/browse/ZBX-22986
CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS where ...)
- TODO: check
+ - zabbix <unfixed>
+ NOTE: https://support.zabbix.com/browse/ZBX-22985
CVE-2023-29453
RESERVED
CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Geograph ...)
- TODO: check
+ - zabbix <unfixed>
+ [bullseye] - zabbix <not-affected> (5.x not affected)
+ NOTE: https://support.zabbix.com/browse/ZBX-22981
CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the JSON parser ...)
- TODO: check
+ - zabbix <unfixed>
+ [bullseye] - zabbix <not-affected> (5.x not affected)
+ NOTE: https://support.zabbix.com/browse/ZBX-22587
CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain access t ...)
- TODO: check
+ - zabbix <unfixed>
+ NOTE: https://support.zabbix.com/browse/ZBX-22588
CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can cause uncont ...)
- TODO: check
+ - zabbix <unfixed>
+ NOTE: https://support.zabbix.com/browse/ZBX-22589
CVE-2023-29448
RESERVED
CVE-2023-29447
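Review bot: The CVE-2023-29458 entry tracks only zabbix, while its NOTE says the problem merely "appears" to be in Zabbix's use of duktape and the CVE description itself names Duktape. Either record the status of src:duktape explicitly once that is confirmed, or keep a TODO on the entry so it is revisited; the NOTE also reads "to be bug" and is missing an "a". Separately, only CVE-2023-29452 and CVE-2023-29451 carry a "[bullseye] - zabbix <not-affected> (5.x not affected)" line. The other seven new zabbix entries have no per-release status, so it is not visible from the list whether 5.x was checked for them and found affected or has not been triaged yet. A short NOTE or the matching [bullseye] line on those entries would make that clear.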
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a4e8f5d232f58fd40c6c63f7abd5a5843ac7b9b