diff options
| author | Neil Williams <codehelp@debian.org> | 2022-02-14 11:43:18 +0000 |
|---|---|---|
| committer | Neil Williams <codehelp@debian.org> | 2022-02-14 11:43:18 +0000 |
| commit | fb376dfd0ee71cb1c57edab2170798a2328003df (patch) | |
| tree | 951f87e3b55fe6b8819538d3b3a257ea2fb0e47a | |
| parent | 72a0e74479159845af839d42dae2207d1ee8028d (diff) | |
CVE-2021-46088/zabbix <undetermined> - closed as a feature upstream
| -rw-r--r-- | data/CVE/list.2021 | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index ba61836209..bc8e925cb5 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -1423,7 +1423,11 @@ CVE-2021-46090 CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...) NOT-FOR-US: JeecgBoot CVE-2021-46088 (Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ...) - TODO: check + - zabbix <undetermined> + NOTE: closed upstream as a "feature", then changed in 5.4 to make the attack less likely + NOTE: https://github.com/paalbra/zabbix-zbxsec-7 + NOTE: https://www.zabbix.com/documentation/3.0/en/manual/config/notifications/action/operation/remote_command + NOTE: https://www.zabbix.com/documentation/current/en/manual/config/notifications/action/operation/remote_command#access-permissions CVE-2021-46087 (In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the ...) NOT-FOR-US: jfinal_cms CVE-2021-46086 (xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The fron ...) |