| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2024-43365 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | Cacti is an open source performance and fault management framework. Th ... |
| CVE-2024-43364 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | Cacti is an open source performance and fault management framework. Th ... |
| CVE-2024-43363 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | Cacti is an open source performance and fault management framework. An ... |
| CVE-2024-43362 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | Cacti is an open source performance and fault management framework. Th ... |
| CVE-2024-34340 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2024-31460 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2024-31459 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2024-31458 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2024-31445 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2024-31444 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2024-31443 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2024-29894 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2024-27082 | vulnerable | vulnerable | vulnerable | fixed | vulnerable (no DSA) | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2024-25641 | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2023-51448 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2023-50250 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-49088 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-49086 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is a robust performance and fault management framework and a fro ... |
| CVE-2023-49085 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2023-49084 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is a robust performance and fault management framework and a fro ... |
| CVE-2023-46490 | vulnerable | vulnerable | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker ... |
| CVE-2023-39516 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39515 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39514 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39513 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39512 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39511 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39510 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39366 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39365 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39364 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39362 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39361 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39360 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39359 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39358 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-39357 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2023-37543 | vulnerable | vulnerable | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for ... |
| CVE-2023-30534 | vulnerable | vulnerable | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2022-41444 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted P ... |
| CVE-2017-1000031 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | fixed | SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8 ... |
| CVE-2017-16641 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ... |
| Bug | Description |
|---|
| TEMP-0000000-F32736 | SQL Injection Vulnerability in graph items and graph template items |
| TEMP-0000000-F6033C | SQL Injection in data_templates.php |
| TEMP-0000000-EFA573 | SQL Injection Vulnerability in data sources |
| TEMP-0000000-E43D47 | SQL Injection in cdef.php |
| TEMP-0000000-AA638E | SQL Injection in graph_templates.php |
| TEMP-0000000-018938 | SQL Injection in host_templates.php |
| CVE-2024-30268 | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2024-29895 | Cacti provides an operational monitoring and fault management framewor ... |
| CVE-2023-31132 | Cacti is an open source operational monitoring and fault management fr ... |
| CVE-2022-48547 | A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g a ... |
| CVE-2022-46169 | Cacti is an open source platform which provides a robust and extensibl ... |
| CVE-2022-0730 | Under certain ldap conditions, Cacti authentication can be bypassed wi ... |
| CVE-2021-26247 | As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_c ... |
| CVE-2021-23225 | Cacti 1.1.38 allows authenticated users with User Management permissio ... |
| CVE-2021-3816 | Cacti 1.1.38 allows authenticated users with User Management permissio ... |
| CVE-2020-35701 | An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection ... |
| CVE-2020-25706 | A cross-site scripting (XSS) vulnerability exists in templates_import. ... |
| CVE-2020-23226 | Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1. ... |
| CVE-2020-14424 | Cacti before 1.2.18 allows remote attackers to trigger XSS via templat ... |
| CVE-2020-14295 | A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to ... |
| CVE-2020-13231 | In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ... |
| CVE-2020-13230 | In Cacti before 1.2.11, disabling a user account does not immediately ... |
| CVE-2020-8813 | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ... |
| CVE-2020-7237 | Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ... |
| CVE-2020-7106 | Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ... |
| CVE-2019-17358 | Cacti through 1.2.7 is affected by multiple instances of lib/functions ... |
| CVE-2019-17357 | Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injec ... |
| CVE-2019-16723 | In Cacti through 1.2.6, authenticated users may bypass authorization c ... |
| CVE-2019-11025 | In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping o ... |
| CVE-2018-20726 | A cross-site scripting (XSS) vulnerability exists in host.php (via tre ... |
| CVE-2018-20725 | A cross-site scripting (XSS) vulnerability exists in graph_templates.p ... |
| CVE-2018-20724 | A cross-site scripting (XSS) vulnerability exists in pollers.php in Ca ... |
| CVE-2018-20723 | A cross-site scripting (XSS) vulnerability exists in color_templates.p ... |
| CVE-2018-10061 | Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars ... |
| CVE-2018-10060 | Cacti before 1.1.37 has XSS because it does not properly reject uninte ... |
| CVE-2018-10059 | Cacti before 1.1.37 has XSS because the get_current_page function in l ... |
| CVE-2017-1000032 | Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remot ... |
| CVE-2017-16785 | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. |
| CVE-2017-16661 | Cacti 1.1.27 allows remote authenticated administrators to read arbitr ... |
| CVE-2017-16660 | Cacti 1.1.27 allows remote authenticated administrators to conduct Rem ... |
| CVE-2017-15194 | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the ... |
| CVE-2017-12978 | lib/html.php in Cacti before 1.1.18 has XSS via the title field of an ... |
| CVE-2017-12927 | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the met ... |
| CVE-2017-12066 | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Ca ... |
| CVE-2017-12065 | spikekill.php in Cacti before 1.1.16 might allow remote attackers to e ... |
| CVE-2017-11691 | Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti ... |
| CVE-2017-11163 | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Ca ... |
| CVE-2017-10970 | Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 a ... |
| CVE-2016-10700 | auth_login.php in Cacti before 1.0.0 allows remote authenticated users ... |
| CVE-2016-3659 | SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows ... |
| CVE-2016-3172 | SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier al ... |
| CVE-2016-2313 | auth_login.php in Cacti before 0.8.8g allows remote authenticated user ... |
| CVE-2015-8604 | SQL injection vulnerability in the host_new_graphs function in graphs_ ... |
| CVE-2015-8377 | SQL injection vulnerability in the host_new_graphs_save function in gr ... |
| CVE-2015-8369 | SQL injection vulnerability in include/top_graph_header.php in Cacti 0 ... |
| CVE-2015-4634 | SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allow ... |
| CVE-2015-4454 | SQL injection vulnerability in the get_hash_graph_template function in ... |
| CVE-2015-4342 | SQL injection vulnerability in Cacti before 0.8.8d allows remote attac ... |
| CVE-2015-2967 | Cross-site scripting (XSS) vulnerability in settings.php in Cacti befo ... |
| CVE-2015-2665 | Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows ... |
| CVE-2015-0916 | SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows ... |
| CVE-2014-5262 | SQL injection vulnerability in the graph settings script (graph_settin ... |
| CVE-2014-5261 | The graph settings script (graph_settings.php) in Cacti 0.8.8b and ear ... |
| CVE-2014-5026 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b al ... |
| CVE-2014-5025 | Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti ... |
| CVE-2014-4002 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b al ... |
| CVE-2014-4000 | Cacti before 1.0.0 allows remote authenticated users to conduct PHP ob ... |
| CVE-2014-2709 | lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attacke ... |
| CVE-2014-2708 | Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8 ... |
| CVE-2014-2328 | lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remot ... |
| CVE-2014-2327 | Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8 ... |
| CVE-2014-2326 | Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, ... |
| CVE-2013-7464 | In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not confi ... |
| CVE-2013-5589 | SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earl ... |
| CVE-2013-5588 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b an ... |
| CVE-2013-1435 | (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote atta ... |
| CVE-2013-1434 | Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) u ... |
| CVE-2011-5223 | Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti ... |
| CVE-2011-4824 | SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h a ... |
| CVE-2010-2545 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0. ... |
| CVE-2010-2544 | Cross-site scripting (XSS) vulnerability in utilities.php in Cacti bef ... |
| CVE-2010-2543 | Cross-site scripting (XSS) vulnerability in include/top_graph_header.p ... |
| CVE-2010-2092 | SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier a ... |
| CVE-2010-1645 | Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HP ... |
| CVE-2010-1644 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0. ... |
| CVE-2010-1431 | SQL injection vulnerability in templates_export.php in Cacti 0.8.7e an ... |
| CVE-2009-4032 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e al ... |
| CVE-2008-0786 | CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 be ... |
| CVE-2008-0785 | Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b an ... |
| CVE-2008-0784 | graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows ... |
| CVE-2008-0783 | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 bef ... |
| CVE-2007-6035 | SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows ... |
| CVE-2007-3113 | Cacti 0.8.6i, and possibly other versions, allows remote authenticated ... |
| CVE-2007-3112 | graph_image.php in Cacti 0.8.6i, and possibly other versions, allows r ... |
| CVE-2006-6799 | SQL injection vulnerability in Cacti 0.8.6i and earlier, when register ... |
| CVE-2006-0806 | Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ... |
| CVE-2006-0410 | SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQ ... |
| CVE-2006-0147 | Dynamic code evaluation vulnerability in tests/tmssql.php test script ... |
| CVE-2006-0146 | The server.php test script in ADOdb for PHP before 4.70, as used in mu ... |
| CVE-2005-2149 | config.php in Cacti 0.8.6e and earlier allows remote attackers to set ... |
| CVE-2005-2148 | Cacti 0.8.6e and earlier does not perform proper input validation to p ... |
| CVE-2005-1526 | PHP remote file inclusion vulnerability in config_settings.php in Cact ... |
| CVE-2005-1525 | SQL injection vulnerability in config_settings.php for Cacti before 0. ... |
| CVE-2005-1524 | PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8. ... |
| CVE-2004-1737 | SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows r ... |
| CVE-2004-1736 | Cacti 0.8.5a allows remote attackers to gain sensitive information via ... |
| CVE-2002-1479 | Cacti before 0.6.8 stores a MySQL username and password in plaintext i ... |
| CVE-2002-1478 | Cacti before 0.6.8 allows attackers to execute arbitrary commands via ... |
| CVE-2002-1477 | graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti adm ... |