[Git][security-tracker-team/security-tracker][master] Add Debian bug references for zabbix issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Oct 5 20:32:22 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
92441897 by Salvatore Bonaccorso at 2025-10-05T21:31:54+02:00
Add Debian bug references for zabbix issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -902,7 +902,7 @@ CVE-2025-49844 (Redis is an open source, in-memory database that persists on dis
NOTE: https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539 (8.2.2)
NOTE: https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e
CVE-2025-49641 (A regular Zabbix user with no permission to the Monitoring -> Problems ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1117448)
NOTE: https://support.zabbix.com/browse/ZBX-27063
NOTE: Fixed in: 6.0.41, 7.0.18, 7.2.12, 7.4.2
CVE-2025-48730 (A use of externally-controlled format string vulnerability has been re ...)
@@ -976,11 +976,11 @@ CVE-2025-27237 (In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuratio
- zabbix <not-affected> (Only affects Zabbix Agent and Agent2 on Windows)
NOTE: https://support.zabbix.com/browse/ZBX-27061
CVE-2025-27236 (A regular Zabbix user can search other users in their user group via Z ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1117448)
NOTE: https://support.zabbix.com/browse/ZBX-27060
NOTE: Fixed in: 6.0.41, 7.0.17, 7.2.11, 7.4.1
CVE-2025-27231 (The LDAP 'Bind password' value cannot be read after saving, but a Supe ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1117448)
NOTE: https://support.zabbix.com/browse/ZBX-27062
NOTE: Fixed in: 6.0.41, 7.0.18, 7.2.12, 7.4.2
CVE-2025-11234 (A flaw was found in QEMU. If the QIOChannelWebsock object is freed whi ...)
@@ -9750,7 +9750,7 @@ CVE-2025-27240 (A Zabbix adminitrator can inject arbitrary SQL during the autore
NOTE: https://support.zabbix.com/browse/ZBX-26986
NOTE: Fixed in 6.0.34, 6.4.19, 7.0.4
CVE-2025-27238 (Due to a bug in Zabbix API, the hostprototype.get method lists all hos ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1117448)
NOTE: https://support.zabbix.com/browse/ZBX-26988
NOTE: Fixed in 7.0.14, 7.2.8
CVE-2025-27234 (Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.g ...)
@@ -9760,7 +9760,7 @@ CVE-2025-27234 (Zabbix Agent 2 smartctl plugin does not properly sanitize smart.
NOTE: 6.0.0 series onwards as the fixed version as workaround.
NOTE: Fixed in 5.0.47
CVE-2025-27233 (Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.g ...)
- - zabbix <unfixed>
+ - zabbix <unfixed> (bug #1117448)
NOTE: https://support.zabbix.com/browse/ZBX-26987
NOTE: Fixed upstream in 6.0.40, 7.0.11, 7.2.5
CVE-2025-10365 (The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fab ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92441897fc9adc0e9bd609b7a1304ff7a0f1b7b8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/92441897fc9adc0e9bd609b7a1304ff7a0f1b7b8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251005/9249c62f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list