Grafana is an open source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. Security Fix: golang: net/http: limit growth of header canonicalization cache. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Two security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in unauthenticated command injection or LDAP authentication bypass.
The host is installed with Cacti 1.2.19 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation allows attackers to bypass Cacti authentication with certain credential types under certain LDAP conditions.
The host is installed with Cacti 1.2.22 and earlier and is prone to a command injection vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows an unauthenticated user to execute arbitrary code on a server running Cacti.
Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven.