Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
Type apk
Namespace alpine
Name cacti
Version 1.2.25-r0
Qualifiers
arch armv7
distroversion v3.19
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.2.26-r0
Latest_non_vulnerable_version 1.2.27-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-195g-capa-wkff
vulnerability_id VCID-195g-capa-wkff
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39513
reference_id
reference_type
scores
0
value 0.00337
scoring_system epss
scoring_elements 0.56924
published_at 2026-06-11T12:55:00Z
1
value 0.00337
scoring_system epss
scoring_elements 0.57044
published_at 2026-06-12T12:55:00Z
2
value 0.00337
scoring_system epss
scoring_elements 0.57058
published_at 2026-06-13T12:55:00Z
3
value 0.00337
scoring_system epss
scoring_elements 0.57051
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39513
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
7
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39513
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-195g-capa-wkff
1
url VCID-361r-7x26-uygd
vulnerability_id VCID-361r-7x26-uygd
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39357
reference_id
reference_type
scores
0
value 0.03846
scoring_system epss
scoring_elements 0.88456
published_at 2026-06-11T12:55:00Z
1
value 0.03846
scoring_system epss
scoring_elements 0.88495
published_at 2026-06-12T12:55:00Z
2
value 0.03846
scoring_system epss
scoring_elements 0.88502
published_at 2026-06-13T12:55:00Z
3
value 0.03846
scoring_system epss
scoring_elements 0.88501
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39357
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39357
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-361r-7x26-uygd
2
url VCID-6mhk-uaks-n7ek
vulnerability_id VCID-6mhk-uaks-n7ek
summary Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `reports_admin.php` displays reporting information about graphs, devices, data sources etc. _CENSUS_ found that an adversary that is able to configure a malicious device name, related to a graph attached to a report, can deploy a stored XSS attack against any super user who has privileges of viewing the `reports_admin.php` page, such as administrative accounts. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when a graph with the maliciously altered device name is linked to the report. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually filter HTML output.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39511
reference_id
reference_type
scores
0
value 0.00639
scoring_system epss
scoring_elements 0.71013
published_at 2026-06-11T12:55:00Z
1
value 0.00639
scoring_system epss
scoring_elements 0.71115
published_at 2026-06-14T12:55:00Z
2
value 0.00639
scoring_system epss
scoring_elements 0.71116
published_at 2026-06-13T12:55:00Z
3
value 0.00639
scoring_system epss
scoring_elements 0.71104
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39511
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T20:03:12Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42
reference_id GHSA-5hpr-4hhc-8q42
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T20:03:12Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42
3
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T20:03:12Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T20:03:12Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39511
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6mhk-uaks-n7ek
3
url VCID-6vex-xguy-v7h1
vulnerability_id VCID-6vex-xguy-v7h1
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39516
reference_id
reference_type
scores
0
value 0.00324
scoring_system epss
scoring_elements 0.55807
published_at 2026-06-11T12:55:00Z
1
value 0.00324
scoring_system epss
scoring_elements 0.55927
published_at 2026-06-12T12:55:00Z
2
value 0.00324
scoring_system epss
scoring_elements 0.55942
published_at 2026-06-13T12:55:00Z
3
value 0.00324
scoring_system epss
scoring_elements 0.5593
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39516
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39516
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6vex-xguy-v7h1
4
url VCID-935h-fann-3bf1
vulnerability_id VCID-935h-fann-3bf1
summary Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious Device name can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39366
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.62091
published_at 2026-06-13T12:55:00Z
1
value 0.00414
scoring_system epss
scoring_elements 0.62089
published_at 2026-06-14T12:55:00Z
2
value 0.00414
scoring_system epss
scoring_elements 0.6198
published_at 2026-06-11T12:55:00Z
3
value 0.00414
scoring_system epss
scoring_elements 0.62081
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39366
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
2
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/
url https://www.debian.org/security/2023/dsa-5550
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv
reference_id GHSA-rwhh-xxm6-vcrv
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39366
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-935h-fann-3bf1
5
url VCID-9ekq-dhsd-r3hb
vulnerability_id VCID-9ekq-dhsd-r3hb
summary Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g. data source path, polling configuration, device name related to the datasource etc.) for different data visualizations of the _cacti_ app. _CENSUS_ found that an adversary that is able to configure a malicious device name can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39512
reference_id
reference_type
scores
0
value 0.00562
scoring_system epss
scoring_elements 0.68917
published_at 2026-06-13T12:55:00Z
1
value 0.00562
scoring_system epss
scoring_elements 0.68914
published_at 2026-06-14T12:55:00Z
2
value 0.00562
scoring_system epss
scoring_elements 0.68811
published_at 2026-06-11T12:55:00Z
3
value 0.00562
scoring_system epss
scoring_elements 0.68905
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39512
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
2
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/
url https://www.debian.org/security/2023/dsa-5550
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7
reference_id GHSA-vqcc-5v63-g9q7
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7
4
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:14Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39512
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ekq-dhsd-r3hb
6
url VCID-c5z9-rt48-4ffx
vulnerability_id VCID-c5z9-rt48-4ffx
summary Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept some variables as input and place them into an `exec` call without proper escaping or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39362
reference_id
reference_type
scores
0
value 0.87228
scoring_system epss
scoring_elements 0.99469
published_at 2026-06-11T12:55:00Z
1
value 0.87228
scoring_system epss
scoring_elements 0.99471
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39362
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html
reference_id Cacti-1.2.24-Command-Injection.html
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51740.txt
reference_id CVE-2023-39362
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51740.txt
12
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://www.debian.org/security/2023/dsa-5550
13
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp
reference_id GHSA-g6ff-58cj-x3cp
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp
14
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
15
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
reference_id msg00018.html
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-27T20:32:39Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39362
risk_score 10.0
exploitability 2.0
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5z9-rt48-4ffx
7
url VCID-e7r4-kycq-fyhn
vulnerability_id VCID-e7r4-kycq-fyhn
summary Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.php` file. In `ajax_get_branches`, the `tree_id` parameter is passed to the `reports_get_branch_select` function without any validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39358
reference_id
reference_type
scores
0
value 0.04722
scoring_system epss
scoring_elements 0.89627
published_at 2026-06-11T12:55:00Z
1
value 0.04722
scoring_system epss
scoring_elements 0.89668
published_at 2026-06-14T12:55:00Z
2
value 0.04722
scoring_system epss
scoring_elements 0.89669
published_at 2026-06-13T12:55:00Z
3
value 0.04722
scoring_system epss
scoring_elements 0.89662
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39358
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g
reference_id GHSA-gj95-7xr8-9p7g
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g
3
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:08:55Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39358
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e7r4-kycq-fyhn
8
url VCID-enu7-fbex-2bdr
vulnerability_id VCID-enu7-fbex-2bdr
summary
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `reports_admin.php` script displays reporting information about graphs, devices, data sources etc.
CENSUS found that an adversary that is able to configure a malicious Device name can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when a graph with the maliciously altered device name is linked to the report. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39510
reference_id
reference_type
scores
0
value 0.00562
scoring_system epss
scoring_elements 0.68917
published_at 2026-06-13T12:55:00Z
1
value 0.00562
scoring_system epss
scoring_elements 0.68914
published_at 2026-06-14T12:55:00Z
2
value 0.00562
scoring_system epss
scoring_elements 0.68811
published_at 2026-06-11T12:55:00Z
3
value 0.00562
scoring_system epss
scoring_elements 0.68905
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39510
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
2
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/
url https://www.debian.org/security/2023/dsa-5550
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h
reference_id GHSA-24w4-4hp2-3j8h
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h
4
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:00Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39510
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enu7-fbex-2bdr
9
url VCID-gn3e-uynd-gkfe
vulnerability_id VCID-gn3e-uynd-gkfe
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39515
reference_id
reference_type
scores
0
value 0.00294
scoring_system epss
scoring_elements 0.53085
published_at 2026-06-11T12:55:00Z
1
value 0.00294
scoring_system epss
scoring_elements 0.53215
published_at 2026-06-14T12:55:00Z
2
value 0.00294
scoring_system epss
scoring_elements 0.53228
published_at 2026-06-13T12:55:00Z
3
value 0.00294
scoring_system epss
scoring_elements 0.53212
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39515
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
11
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://www.debian.org/security/2023/dsa-5550
12
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
reference_id GHSA-hrg9-qqqx-wc4h
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
13
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
14
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
reference_id msg00018.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-06-25T14:25:41Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39515
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gn3e-uynd-gkfe
10
url VCID-h2mr-s15u-sfcf
vulnerability_id VCID-h2mr-s15u-sfcf
summary Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30534
reference_id
reference_type
scores
0
value 0.52473
scoring_system epss
scoring_elements 0.97993
published_at 2026-06-11T12:55:00Z
1
value 0.52473
scoring_system epss
scoring_elements 0.98002
published_at 2026-06-14T12:55:00Z
2
value 0.52473
scoring_system epss
scoring_elements 0.98001
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30534
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30534
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
3
reference_url https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25
reference_id cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
reference_id GHSA-77rf-774j-6h3p
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
5
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T19:08:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-30534
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2mr-s15u-sfcf
11
url VCID-hm41-qrdt-wqa5
vulnerability_id VCID-hm41-qrdt-wqa5
summary Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39365
reference_id
reference_type
scores
0
value 0.00194
scoring_system epss
scoring_elements 0.41242
published_at 2026-06-11T12:55:00Z
1
value 0.00194
scoring_system epss
scoring_elements 0.41417
published_at 2026-06-14T12:55:00Z
2
value 0.00194
scoring_system epss
scoring_elements 0.41426
published_at 2026-06-13T12:55:00Z
3
value 0.00194
scoring_system epss
scoring_elements 0.41408
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39365
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
10
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://www.debian.org/security/2023/dsa-5550
11
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22
reference_id GHSA-v5w7-hww7-2f22
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22
12
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
13
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
reference_id msg00018.html
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:26:49Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39365
risk_score 2.0
exploitability 0.5
weighted_severity 4.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hm41-qrdt-wqa5
12
url VCID-hxv4-cczk-13gu
vulnerability_id VCID-hxv4-cczk-13gu
summary Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `graphs.php` displays graph details such as data-source paths, data template information and graph related fields. _CENSUS_ found that an adversary that is able to configure either a data-source template with malicious code appended in the data-source name or a device with a malicious payload injected in the device name, may deploy a stored XSS attack against any user with _General Administration>Graphs_ privileges. A user that possesses the _Template Editor>Data Templates_ permissions can configure the data-source name in _cacti_. Please note that this may be a _low privileged_ user. This configuration occurs through `http://<HOST>/cacti/data_templates.php` by editing an existing or adding a new data template. If a template is linked to a graph then the formatted template name will be rendered in the graph's management page. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device name in _cacti_. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should add manual HTML escaping.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39514
reference_id
reference_type
scores
0
value 0.00365
scoring_system epss
scoring_elements 0.58926
published_at 2026-06-11T12:55:00Z
1
value 0.00365
scoring_system epss
scoring_elements 0.59039
published_at 2026-06-14T12:55:00Z
2
value 0.00365
scoring_system epss
scoring_elements 0.5905
published_at 2026-06-13T12:55:00Z
3
value 0.00365
scoring_system epss
scoring_elements 0.59038
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39514
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
2
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/
url https://www.debian.org/security/2023/dsa-5550
3
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7
reference_id GHSA-6hrc-2cfc-8hm7
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7
4
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:21:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39514
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hxv4-cczk-13gu
13
url VCID-q5p8-rj9z-7qcj
vulnerability_id VCID-q5p8-rj9z-7qcj
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39360
reference_id
reference_type
scores
0
value 0.00629
scoring_system epss
scoring_elements 0.70759
published_at 2026-06-11T12:55:00Z
1
value 0.00629
scoring_system epss
scoring_elements 0.70849
published_at 2026-06-12T12:55:00Z
2
value 0.00629
scoring_system epss
scoring_elements 0.70862
published_at 2026-06-13T12:55:00Z
3
value 0.00629
scoring_system epss
scoring_elements 0.7086
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39360
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
7
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39360
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q5p8-rj9z-7qcj
14
url VCID-quny-cjsn-uqdu
vulnerability_id VCID-quny-cjsn-uqdu
summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39361
reference_id
reference_type
scores
0
value 0.92641
scoring_system epss
scoring_elements 0.99759
published_at 2026-06-11T12:55:00Z
1
value 0.92641
scoring_system epss
scoring_elements 0.99761
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39361
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
10
reference_url https://usn.ubuntu.com/6720-1/
reference_id USN-6720-1
reference_type
scores
url https://usn.ubuntu.com/6720-1/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39361
risk_score 1.6
exploitability 2.0
weighted_severity 0.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-quny-cjsn-uqdu
15
url VCID-xvqz-wwt2-h7cd
vulnerability_id VCID-xvqz-wwt2-h7cd
summary Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` file. When dealing with the cases of ajax_hosts and ajax_hosts_noany, if the `site_id` parameter is greater than 0, it is directly reflected in the WHERE clause of the SQL statement. This creates an SQL injection vulnerability. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39359
reference_id
reference_type
scores
0
value 0.05576
scoring_system epss
scoring_elements 0.90497
published_at 2026-06-11T12:55:00Z
1
value 0.05576
scoring_system epss
scoring_elements 0.90534
published_at 2026-06-14T12:55:00Z
2
value 0.05576
scoring_system epss
scoring_elements 0.90535
published_at 2026-06-13T12:55:00Z
3
value 0.05576
scoring_system epss
scoring_elements 0.90527
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39359
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
reference_id CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
10
reference_url https://www.debian.org/security/2023/dsa-5550
reference_id dsa-5550
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/
url https://www.debian.org/security/2023/dsa-5550
11
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h
reference_id GHSA-q4wh-3f9w-836h
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h
12
reference_url https://security.gentoo.org/glsa/202412-02
reference_id GLSA-202412-02
reference_type
scores
url https://security.gentoo.org/glsa/202412-02
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
reference_id WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
reference_id WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-26T19:20:26Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39359
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvqz-wwt2-h7cd
16
url VCID-zy5u-4x9u-e7h7
vulnerability_id VCID-zy5u-4x9u-e7h7
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39364
reference_id
reference_type
scores
0
value 0.00189
scoring_system epss
scoring_elements 0.40634
published_at 2026-06-11T12:55:00Z
1
value 0.00189
scoring_system epss
scoring_elements 0.40801
published_at 2026-06-12T12:55:00Z
2
value 0.00189
scoring_system epss
scoring_elements 0.40824
published_at 2026-06-13T12:55:00Z
3
value 0.00189
scoring_system epss
scoring_elements 0.40811
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39364
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39357
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39359
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39361
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39362
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39364
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39365
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39515
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39516
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-39364
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zy5u-4x9u-e7h7
17
url VCID-zyyy-p6nu-m7aj
vulnerability_id VCID-zyyy-p6nu-m7aj
summary Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49088
reference_id
reference_type
scores
0
value 0.0102
scoring_system epss
scoring_elements 0.77647
published_at 2026-06-11T12:55:00Z
1
value 0.0102
scoring_system epss
scoring_elements 0.77722
published_at 2026-06-14T12:55:00Z
2
value 0.0102
scoring_system epss
scoring_elements 0.77729
published_at 2026-06-13T12:55:00Z
3
value 0.0102
scoring_system epss
scoring_elements 0.77715
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49088
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
7
reference_url https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php
reference_id data_debug.php
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/
url https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php
8
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
reference_id GHSA-hrg9-qqqx-wc4h
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
9
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x
reference_id GHSA-q7g7-gcf6-wh4x
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x
10
reference_url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
reference_id msg00018.html
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/
url https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
reference_id RBEOAFKRARQHTDIYSL723XAFJ2Q6624X
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community
aliases CVE-2023-49088
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zyyy-p6nu-m7aj
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.25-r0%3Farch=armv7&distroversion=v3.19&reponame=community