Package "cacti"
Name: |
cacti
|
Description: |
web interface for graphing of monitoring systems
|
Latest version: |
1.2.10+ds1-1ubuntu1.1 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
https://www.cacti.net/ |
Links
Download "cacti"
Other versions of "cacti" in Focal
Changelog
cacti (1.2.10+ds1-1ubuntu1.1) focal-security; urgency=medium
* SECURITY UPDATE: remote code execution issue
- debian/patches/CVE-2024-25641.patch: fix RCE exploitable through the
"Package Import" feature
- debian/patches/CVE-2024-31459.patch: fix file inclusion issue in the
lib/plugin.php
- CVE-2024-25641
- CVE-2024-31459
* SECURITY UPDATE: cross-site scripting issue
- debian/patches/CVE-2024-31443.patch: fix HTML statement in
`grow_right_pane_tree()` function from `lib/html.php`
- debian/patches/CVE-2024-31444.patch: fix
automation_tree_rules_form_save() function in automation_tree_rules.php
- CVE-2024-31443
- CVE-2024-31444
* SECURITY UPDATE: sql injection issue
- debian/patches/CVE-2024-31445.patch: fix `automation_get_new_graphs_sql`
function of `api_automation.php`
- debian/patches/CVE-2024-31458.patch: fix `form_save()` function in
`graph_template_inputs.php`
- debian/patches/CVE-2024-31460.patch: fix `create_all_header_nodes()`
function from `lib/api_automation.php`
- CVE-2024-31445
- CVE-2024-31458
- CVE-2024-31460
* SECURITY UPDATE: type juggling issue
- debian/patches/CVE-2024-34340.patch: fix issue in `compat_password_verify`
method
- CVE-2024-34340
* debian/tests/check-all-pages: update filtered log for
/var/log/cacti/cacti.log test
-- Nishit Majithia <email address hidden> Mon, 19 Aug 2024 18:04:35 +0530
|
CVE-2024-25641 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable |
CVE-2024-31459 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin. |
CVE-2024-31443 |
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_ |
CVE-2024-31444 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_f |
CVE-2024-31445 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_ne |
CVE-2024-31458 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function i |
CVE-2024-31460 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.p |
CVE-2024-34340 |
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set t |
|
About
-
Send Feedback to @ubuntu_updates