ALT Linux Team

Branch sisyphus update on 2014-05-07

2014-05-07

ALT-BU-2014-2755-1

Branch sisyphus update bulletin.

ALT-PU-2014-1594-1

Package cacti updated to version 0.8.8b-alt2 for branch sisyphus in task 119273.

Closed vulnerabilities

Published: 2014-03-27
Modified: 2024-11-21

CVE-2014-2326

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity: MEDIUM (4.3)
References:
Published: 2014-04-23
Modified: 2024-11-21

CVE-2014-2328

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

Severity: MEDIUM (6.5)
References:
Published: 2014-04-11
Modified: 2024-11-21

CVE-2014-2708

Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter.

Severity: HIGH (7.5)
References:
Published: 2014-04-23
Modified: 2024-11-21

CVE-2014-2709

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

Severity: HIGH (7.5)
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top