[Git][security-tracker-team/security-tracker][master] Add some zabbix issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 27 07:17:23 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5bb21df3 by Salvatore Bonaccorso at 2026-03-27T08:17:05+01:00
Add some zabbix issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2380,15 +2380,20 @@ CVE-2026-27651 (When the ngx_mail_auth_http_modulemodule is enabled on NGINX Plu
 CVE-2026-26809
 	REJECTED
 CVE-2026-23924 (Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.co ...)
-	TODO: check
+	- zabbix <unfixed>
+	NOTE: https://support.zabbix.com/browse/ZBX-27642
 CVE-2026-23923 (An unauthenticated attacker can exploit the Frontend 'validate' action ...)
-	TODO: check
+	- zabbix <not-affected> (Only affects Zabbix 7.4 series)
+	NOTE: https://support.zabbix.com/browse/ZBX-27641
 CVE-2026-23921 (A low privilege Zabbix user with API access can exploit a blind SQL in ...)
-	TODO: check
+	- zabbix <unfixed>
+	NOTE: https://support.zabbix.com/browse/ZBX-27640
 CVE-2026-23920 (Host and event action script input is validated with a regex (set by t ...)
-	TODO: check
+	- zabbix <unfixed>
+	NOTE: https://support.zabbix.com/browse/ZBX-27639
 CVE-2026-23919 (For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape ...)
-	TODO: check
+	- zabbix <unfixed>
+	NOTE: https://support.zabbix.com/browse/ZBX-27638
 CVE-2026-22559 (An Improper Input Validation vulnerability in UniFi Network Server may ...)
 	NOT-FOR-US: UniFi
 CVE-2026-21783 (HCL Traveler is affected by sensitive information disclosure. The appl ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bb21df3e28b686ddf735c03e8c36bf9d4d7b467

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5bb21df3e28b686ddf735c03e8c36bf9d4d7b467
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260327/922f5b06/attachment.htm>

More information about the debian-security-tracker-commits mailing list