Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/zabbix@1:6.0.14%2Bdfsg-1
Type deb
Namespace debian
Name zabbix
Version 1:6.0.14+dfsg-1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1:7.0.9+dfsg-1~bpo12+1
Latest_non_vulnerable_version 1:7.0.9+dfsg-1~bpo12+1
Affected_by_vulnerabilities
0
url VCID-3azv-fsyx-n3fz
vulnerability_id VCID-3azv-fsyx-n3fz
summary Duktape is a 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack, JavaScript will crash. This issue occurs due to a bug in Duktape 2.6, which is a 3rd-party solution that we use.
references
0
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175
reference_id 1055175
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175
fixed_packages
0
url pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
purl pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1
aliases CVE-2023-29458
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3azv-fsyx-n3fz
1
url VCID-jkcz-zpks-ubgz
vulnerability_id VCID-jkcz-zpks-ubgz
summary The implementation of atob in "Zabbix JS" allows creating a string with arbitrary content and using it to access internal properties of objects.
references
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1
reference_url https://support.zabbix.com/browse/ZBX-25611
reference_id ZBX-25611
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T16:21:34Z/
url https://support.zabbix.com/browse/ZBX-25611
fixed_packages
0
url pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
purl pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1
aliases CVE-2024-36463
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkcz-zpks-ubgz
2
url VCID-m5us-tmqh-wkbm
vulnerability_id VCID-m5us-tmqh-wkbm
summary The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
references
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
fixed_packages
0
url pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
purl pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1
aliases CVE-2023-32725
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5us-tmqh-wkbm
3
url VCID-pr1g-m4k2-1ue1
vulnerability_id VCID-pr1g-m4k2-1ue1
summary A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions.
references
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1
reference_url https://support.zabbix.com/browse/ZBX-25635
reference_id ZBX-25635
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-04T04:55:27Z/
url https://support.zabbix.com/browse/ZBX-25635
fixed_packages
0
url pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
purl pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1
aliases CVE-2024-36466
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pr1g-m4k2-1ue1
4
url VCID-tbsd-gk6n-9ygc
vulnerability_id VCID-tbsd-gk6n-9ygc
summary Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. This can be used to leak the NTLMv2 hash from a Windows system.
references
0
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448
reference_id 1117448
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117448
fixed_packages
0
url pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
purl pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1
aliases CVE-2025-27233
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbsd-gk6n-9ygc
5
url VCID-xwr8-85au-ukd7
vulnerability_id VCID-xwr8-85au-ukd7
summary Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.
references
0
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175
reference_id 1055175
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055175
fixed_packages
0
url pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
purl pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1
aliases CVE-2023-29454
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xwr8-85au-ukd7
6
url VCID-ytep-z8dn-vfh7
vulnerability_id VCID-ytep-z8dn-vfh7
summary When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.
references
0
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1
reference_url https://support.zabbix.com/browse/ZBX-25610
reference_id ZBX-25610
reference_type
scores
0
value 2.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T15:03:28Z/
url https://support.zabbix.com/browse/ZBX-25610
fixed_packages
0
url pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
purl pkg:deb/debian/zabbix@1:7.0.9%2Bdfsg-1~bpo12%2B1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:7.0.9%252Bdfsg-1~bpo12%252B1
aliases CVE-2024-22117
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ytep-z8dn-vfh7
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/zabbix@1:6.0.14%252Bdfsg-1