stable

cacti-1.2.25-1.el7 and cacti-spine-1.2.25-1.el7

FEDORA-EPEL-2023-bcf6c3bf53 created by carlwgeorge 4 months ago for Fedora EPEL 7

Update cacti and cacti-spine to version 1.2.25. This includes the upstream fixes for many CVEs.

https://github.com/Cacti/cacti/releases/tag/release%2F1.2.25

This update has been submitted for testing by carlwgeorge.

4 months ago

This update's test gating status has been changed to 'ignored'.

4 months ago

This update has been pushed to testing.

4 months ago

This update has been submitted for stable by bodhi.

4 months ago

This update has been pushed to stable.

4 months ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
4 months ago
in testing
4 months ago
in stable
4 months ago
approved
4 months ago
BZ#2237580 CVE-2023-39514 cacti: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs [epel-all]
0
0
BZ#2237581 CVE-2023-39513 cacti: Cross-Site Scripting vulnerability with Device Name when debugging data queries [epel-all]
0
0
BZ#2237586 CVE-2023-39515 cacti: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries [epel-all]
0
0
BZ#2237589 CVE-2023-39359 cacti: Authenticated SQL injection vulnerability when managing graphs [epel-all]
0
0
BZ#2237591 CVE-2023-39360 cacti: Cross-Site Scripting vulnerability when creating new graphs [epel-all]
0
0
BZ#2237596 CVE-2023-39361 cacti: Unauthenticated SQL Injection when viewing graphs [epel-all]
0
0
BZ#2237599 CVE-2023-39366 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
0
0
BZ#2237602 CVE-2023-39510 cacti: Cross-Site Scripting vulnerability with Device Name when administrating Reports [epel-all]
0
0
BZ#2237605 CVE-2023-39357 cacti: SQL Injection when saving data with sql_save() [epel-all]
0
0
BZ#2237608 CVE-2023-39358 cacti: Authenticated SQL injection vulnerability when managing reports [epel-all]
0
0
BZ#2237612 CVE-2023-39364 cacti: Open redirect in change password functionality [epel-all]
0
0
BZ#2237614 CVE-2023-39365 cacti: SQL Injection when using regular expressions [epel-all]
0
0
BZ#2237617 CVE-2023-30534 cacti: Insecure deserialization of filter data [epel-all]
0
0
BZ#2237620 CVE-2023-31132 cacti: Privilege escalation when Cacti installed using Windows Installer defaults [epel-all]
0
0
BZ#2237623 CVE-2023-39362 cacti: Authenticated command injection when using SNMP options [epel-all]
0
0
BZ#2237626 CVE-2023-39516 cacti: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources [epel-all]
0
0
BZ#2237818 CVE-2023-39511 cacti: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports [epel-all]
0
0
BZ#2242048 CVE-2023-39512 cacti: Cross-Site Scripting vulnerability with Device Name when managing Data Sources [epel-all]
0
0

Automated Test Results