Search for packages
| purl | pkg:deb/debian/cacti@1.2.25%2Bds1-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-34z4-1zqk-afcm | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39515
|
| VCID-5ykb-6nvx-k3e4 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39362
|
| VCID-a8j1-24bw-gudu | security update |
CVE-2023-39364
|
| VCID-c2b8-ss11-9yhq | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39360
|
| VCID-d7t8-6cty-sqde | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39358
|
| VCID-du4b-tbxt-mqfr | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. |
CVE-2023-39366
|
| VCID-h6vp-37u4-b7f3 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39510
|
| VCID-huf2-qwju-6bf2 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39365
|
| VCID-pau5-hfbv-nucp | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39513
|
| VCID-pxqa-nkv3-jqfs | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-30534
|
| VCID-sb43-hapb-1uf2 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39357
|
| VCID-vsjt-qjyw-hbfs | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39359
|
| VCID-w11p-1pr3-7ybp | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39511
|
| VCID-ws4h-295a-9qgx | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39516
|
| VCID-ypan-57sx-vyam | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39361
|
| VCID-zf92-pzgz-dfg7 | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39512
|
| VCID-znew-xktt-p7hy | Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation. |
CVE-2023-39514
|