rpm package
opensuse/cacti-spine&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/cacti-spine&distro=openSUSE%20Leap%2015.6
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-34340 | — | < 1.2.27-bp156.2.3.1 | 1.2.27-bp156.2.3.1 | May 13, 2024 | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat | ||
| CVE-2024-31460 | — | < 1.2.27-bp156.2.3.1 | 1.2.27-bp156.2.3.1 | May 13, 2024 | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_a | ||
| CVE-2024-31459 | — | < 1.2.27-bp156.2.3.1 | 1.2.27-bp156.2.3.1 | May 13, 2024 | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue w | ||
| CVE-2024-31458 | — | < 1.2.27-bp156.2.3.1 | 1.2.27-bp156.2.3.1 | May 13, 2024 | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_g | ||
| CVE-2024-31445 | — | < 1.2.27-bp156.2.3.1 | 1.2.27-bp156.2.3.1 | May 13, 2024 | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform | ||
| CVE-2024-31444 | — | < 1.2.27-bp156.2.3.1 | 1.2.27-bp156.2.3.1 | May 13, 2024 | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `for | ||
| CVE-2024-31443 | — | < 1.2.27-bp156.2.3.1 | 1.2.27-bp156.2.3.1 | May 13, 2024 | Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib | ||
| CVE-2024-29894 | — | < 1.2.27-bp156.2.3.1 | 1.2.27-bp156.2.3.1 | May 13, 2024 | Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js | ||
| CVE-2024-27082 | — | < 1.2.27-bp156.2.3.1 | 1.2.27-bp156.2.3.1 | May 13, 2024 | Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who acces | ||
| CVE-2024-25641 | — | < 1.2.27-bp156.2.3.1 | 1.2.27-bp156.2.3.1 | May 13, 2024 | Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP |
- CVE-2024-34340May 13, 2024affected < 1.2.27-bp156.2.3.1fixed 1.2.27-bp156.2.3.1
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat
- CVE-2024-31460May 13, 2024affected < 1.2.27-bp156.2.3.1fixed 1.2.27-bp156.2.3.1
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_a
- CVE-2024-31459May 13, 2024affected < 1.2.27-bp156.2.3.1fixed 1.2.27-bp156.2.3.1
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue w
- CVE-2024-31458May 13, 2024affected < 1.2.27-bp156.2.3.1fixed 1.2.27-bp156.2.3.1
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_g
- CVE-2024-31445May 13, 2024affected < 1.2.27-bp156.2.3.1fixed 1.2.27-bp156.2.3.1
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform
- CVE-2024-31444May 13, 2024affected < 1.2.27-bp156.2.3.1fixed 1.2.27-bp156.2.3.1
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `for
- CVE-2024-31443May 13, 2024affected < 1.2.27-bp156.2.3.1fixed 1.2.27-bp156.2.3.1
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib
- CVE-2024-29894May 13, 2024affected < 1.2.27-bp156.2.3.1fixed 1.2.27-bp156.2.3.1
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js
- CVE-2024-27082May 13, 2024affected < 1.2.27-bp156.2.3.1fixed 1.2.27-bp156.2.3.1
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who acces
- CVE-2024-25641May 13, 2024affected < 1.2.27-bp156.2.3.1fixed 1.2.27-bp156.2.3.1
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP