[Git][security-tracker-team/security-tracker][master] Add initial tracking for three zabbix issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Dec 3 09:10:44 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
adcd43e1 by Salvatore Bonaccorso at 2025-12-03T10:10:03+01:00
Add initial tracking for three zabbix issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -589,9 +589,11 @@ CVE-2025-51683 (A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 a
CVE-2025-51682 (mJobtime 15.7.2 handles authorization on the client side, which allows ...)
NOT-FOR-US: mJobtime
CVE-2025-49643 (An authenticated Zabbix user (including Guest) is able to cause dispro ...)
- TODO: check
+ - zabbix <unfixed>
+ NOTE: https://support.zabbix.com/browse/ZBX-27284
CVE-2025-49642 (Library loading on AIX Zabbix Agent builds can be hijacked by local us ...)
- TODO: check
+ - zabbix <not-affected> (Only affects Agent builds for AIX)
+ NOTE: https://support.zabbix.com/browse/ZBX-27283
CVE-2025-41739 (An unauthenticated remote attacker, who beats a race condition, can ex ...)
NOT-FOR-US: CODESYS
CVE-2025-41738 (An unauthenticated remote attacker may cause the visualisation server ...)
@@ -607,7 +609,8 @@ CVE-2025-34297 (KissFFT versions prior to the fix commit 1b083165 contain an int
CVE-2025-2879 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: ARM
CVE-2025-27232 (An authenticated Zabbix Super Admin can exploit the oauth.authorize ac ...)
- TODO: check
+ - zabbix <not-affected> (Vulnerable code not present)
+ NOTE: https://support.zabbix.com/browse/ZBX-27282
CVE-2025-26858 (A buffer overflow vulnerability exists in the Modbus TCP functionality ...)
NOT-FOR-US: Socomec
CVE-2025-23417 (A denial of service vulnerability exists in the Modbus RTU over TCP fu ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adcd43e12241ae3826bff3288b1928b2ed1e3732
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/adcd43e12241ae3826bff3288b1928b2ed1e3732
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251203/7bdfcdd3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list