 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.833828 |
| Kategorie: | openSUSE Local Security Checks |
| Titel: | openSUSE Security Advisory (openSUSE-SU-2024:0031-1) |
| Zusammenfassung: | The remote host is missing an update for the 'cacti, cacti-spine' package(s) announced via the openSUSE-SU-2024:0031-1 advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'cacti, cacti-spine' package(s) announced via the openSUSE-SU-2024:0031-1 advisory. Vulnerability Insight: This update for cacti, cacti-spine fixes the following issues: cacti-spine 1.2.26: * Fix: Errors when uptime OID is not present * Fix: MySQL reconnect option is depreciated * Fix: Spine does not check a host with no poller items * Fix: Poller may report the wrong number of devices polled * Feature: Allow users to override the threads setting at the command line * Feature: Allow spine to run in ping-only mode cacti 1.2.26: * CVE-2023-50250: XSS vulnerability when importing a template file (boo#1218380) * CVE-2023-49084: RCE vulnerability when managing links (boo#1218360) * CVE-2023-49085: SQL Injection vulnerability when managing poller devices (boo#1218378) * CVE-2023-49086: XSS vulnerability when adding new devices (boo#1218366) * CVE-2023-49088: XSS vulnerability when viewing data sources in debug mode (boo#1218379) * CVE-2023-51448: SQL Injection vulnerability when managing SNMP Notification Receivers (boo#1218381) * When viewing data sources, an undefined variable error may be seen * Improvements for Poller Last Run Date * Attempting to edit a Data Query that does not exist throws warnings and not an GUI error * Improve PHP 8.1 support when adding devices * Viewing Data Query Cache can cause errors to be logged * Preserve option is not properly honoured when removing devices at command line * Infinite recursion is possible during a database failure * Monitoring Host CPU's does not always work on Windows endpoints * Multi select drop down list box not rendered correctly in Chrome and Edge * Selective Plugin Debugging may not always work as intended * During upgrades, Plugins may be falsely reported as incompatible * Plugin management at command line does not work with multiple plugins * Improve PHP 8.1 support for incrementing only numbers * Allow the renaming of guest and template accounts * DS Stats issues warnings when the RRDfile has not been initialized * When upgrading, missing data source profile can cause errors to be logged * When deleting a single Data Source, purge historical debug data * Improvements to form element warnings * Some interface aliases do not appear correctly * Aggregate graph does not show other percentiles * Settings table updates for large values reverted by database repair * When obtaining graph records, error messages may be recorded * Unable to change a device's community at command line * Increase timeout for RRDChecker * When viewing a graph, option to edit template may lead to incorrect URL * When upgrading, failures may occur due to missing color table keys * On installation, allow a more appropriate template to be used as the default * When data input parameters are allowed to be null, allow null * CSV Exports may not always output data correctly * When debugging a graph, long CDEF's can cause undesirable scrolling * Secondary LDAP server not evaluated when the first one has failed * When adding a device, using the bulk walk ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'cacti, cacti-spine' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-49084 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html Common Vulnerability Exposure (CVE) ID: CVE-2023-49085 https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451 https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855 Common Vulnerability Exposure (CVE) ID: CVE-2023-49086 https://github.com/Cacti/cacti/commit/6ec01c8b2983bf4fcb86f8c647655f74090b5be9 https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr Common Vulnerability Exposure (CVE) ID: CVE-2023-49088 https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x Common Vulnerability Exposure (CVE) ID: CVE-2023-50250 https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 Common Vulnerability Exposure (CVE) ID: CVE-2023-51448 https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/managers.php#L941 https://github.com/Cacti/cacti/security/advisories/GHSA-w85f-7c4w-7594 |
| Copyright | Copyright (C) 2024 Greenbone AG |
| Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |