rpm package
suse/cacti&distro=SUSE Package Hub 12
pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2012
Vulnerabilities (52)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-39516 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by admin | ||
| CVE-2023-39365 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. | ||
| CVE-2023-39357 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perf | ||
| CVE-2023-39358 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.ph | ||
| CVE-2023-39359 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` fil | ||
| CVE-2023-39361 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an ena | ||
| CVE-2023-39360 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are pe | ||
| CVE-2023-39366 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrat | ||
| CVE-2023-39510 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrat | ||
| CVE-2023-39512 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by admin | ||
| CVE-2023-39513 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by admin | ||
| CVE-2023-39515 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrativ | ||
| CVE-2023-39514 | — | < 1.2.25-bp155.2.3.1 | 1.2.25-bp155.2.3.1 | Sep 5, 2023 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by admin | ||
| CVE-2022-46169 | — | KEV | < 1.2.23-bp154.2.6.1 | 1.2.23-bp154.2.6.1 | Dec 5, 2022 | Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a | |
| CVE-2022-0730 | — | < 1.2.20-bp153.2.9.1 | 1.2.20-bp153.2.9.1 | Mar 3, 2022 | Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. | ||
| CVE-2020-14424 | — | < 1.2.18-bp153.2.3.1 | 1.2.18-bp153.2.3.1 | Nov 14, 2021 | Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. | ||
| CVE-2020-35701 | — | < 1.2.17-20.1 | 1.2.17-20.1 | Jan 11, 2021 | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution. | ||
| CVE-2020-14295 | — | < 1.2.13-11.1 | 1.2.13-11.1 | Jun 17, 2020 | A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries. | ||
| CVE-2020-13625 | — | < 1.2.13-11.1 | 1.2.13-11.1 | Jun 8, 2020 | PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. | ||
| CVE-2020-11022 | Med | 6.9 | < 1.2.13-11.1 | 1.2.13-11.1 | Apr 29, 2020 | In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
- CVE-2023-39516Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by admin
- CVE-2023-39365Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25.
- CVE-2023-39357Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perf
- CVE-2023-39358Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.ph
- CVE-2023-39359Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` fil
- CVE-2023-39361Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an ena
- CVE-2023-39360Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are pe
- CVE-2023-39366Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrat
- CVE-2023-39510Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrat
- CVE-2023-39512Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by admin
- CVE-2023-39513Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by admin
- CVE-2023-39515Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrativ
- CVE-2023-39514Sep 5, 2023affected < 1.2.25-bp155.2.3.1fixed 1.2.25-bp155.2.3.1
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by admin
- affected < 1.2.23-bp154.2.6.1fixed 1.2.23-bp154.2.6.1
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a
- CVE-2022-0730Mar 3, 2022affected < 1.2.20-bp153.2.9.1fixed 1.2.20-bp153.2.9.1
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
- CVE-2020-14424Nov 14, 2021affected < 1.2.18-bp153.2.3.1fixed 1.2.18-bp153.2.3.1
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
- CVE-2020-35701Jan 11, 2021affected < 1.2.17-20.1fixed 1.2.17-20.1
An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.
- CVE-2020-14295Jun 17, 2020affected < 1.2.13-11.1fixed 1.2.13-11.1
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
- CVE-2020-13625Jun 8, 2020affected < 1.2.13-11.1fixed 1.2.13-11.1
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
- affected < 1.2.13-11.1fixed 1.2.13-11.1
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Page 2 of 3