OVAL

DSA-4604-1 cacti -- cacti

ID: oval:org.secpod.oval:def:61491
Date: (C)2019-12-23   (M)2022-10-10
Class: PATCH
Family: unix




Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users.

CVE-2019-16723: Authenticated users may bypass authorization checks for viewing a graph by submitting requests with modified local_graph_id parameters.

CVE-2019-17357: The graph administration interface insufficiently sanitizes the template_id parameter, potentially resulting in SQL injection. This vulnerability might be leveraged by authenticated attackers to perform unauthorized SQL code execution on the database.

CVE-2019-17358: The sanitize_unserialize_selected_items function insufficiently sanitizes user input before deserializing it, potentially resulting in unsafe deserialization of user-controlled data. This vulnerability might be leveraged by authenticated attackers to influence the program control flow or cause memory corruption.

Platform:
Linux Mint 3
Product:
cacti
Reference:
DSA-4604-1
CVE-2019-16723
CVE-2019-17357
CVE-2019-17358
CVE-2018-17358

© SecPod Technologies