ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.1.2024.0276.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (openSUSE-SU-2024:0276-1)
Resumen:	The remote host is missing an update for the 'cacti, cacti-spine' package(s) announced via the openSUSE-SU-2024:0276-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'cacti, cacti-spine' package(s) announced via the openSUSE-SU-2024:0276-1 advisory. Vulnerability Insight: This update for cacti, cacti-spine fixes the following issues: - cacti 1.2.27: * CVE-2024-34340: Authentication Bypass when using using older password hashes (boo#1224240) * CVE-2024-25641: RCE vulnerability when importing packages (boo#1224229) * CVE-2024-31459: RCE vulnerability when plugins include files (boo#1224238) * CVE-2024-31460: SQL Injection vulnerability when using tree rules through Automation API (boo#1224239) * CVE-2024-29894: XSS vulnerability when using JavaScript based messaging API (boo#1224231) * CVE-2024-31458: SQL Injection vulnerability when using form templates (boo#1224241) * CVE-2024-31444: XSS vulnerability when reading tree rules with Automation API (boo#1224236) * CVE-2024-31443: XSS vulnerability when managing data queries (boo#1224235) * CVE-2024-31445: SQL Injection vulnerability when retrieving graphs using Automation API (boo#1224237) * CVE-2024-27082: XSS vulnerability when managing trees (boo#1224230) * Improve PHP 8.3 support * When importing packages via command line, data source profile could not be selected * When changing password, returning to previous page does not always work * When using LDAP authentication the first time, warnings may appear in logs * When editing/viewing devices, add IPv6 info to hostname tooltip * Improve speed of polling when Boost is enabled * Improve support for Half-Hour time zones * When user session not found, device lists can be incorrectly returned * On import, legacy templates may generate warnings * Improve support for alternate locations of Ping * Improve PHP 8.1 support for Installer * Fix issues with number formatting * Improve PHP 8.1 support when SpikeKill is run first time * Improve PHP 8.1 support for SpikeKill * When using Chinese to search for graphics, garbled characters appear. * When importing templates, preview mode will not always load * When remote poller is installed, MySQL TimeZone DB checks are not performed * When Remote Poller installation completes, no finish button is shown * Unauthorized agents should be recorded into logs * Poller cache may not always update if hostname changes * When using CMD poller, Failure and Recovery dates may have incorrect values * Saving a Tree can cause the tree to become unpublished * Web Basic Authentication does not record user logins * When using Accent-based languages, translations may not work properly * Fix automation expressions for device rules * Improve PHP 8.1 Support during fresh install with boost * Add a device 'enabled/disabled' indicator next to the graphs * Notify the admin periodically when a remote data collector goes into heartbeat status * Add template for Aruba Clearpass * Add fliter/sort of Device Templates by Graph Templates - cacti-spine 1.2.27: * Restore AES Support Affected Software/OS: 'cacti, cacti-spine' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 9.4 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-25641 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ http://seclists.org/fulldisclosure/2024/May/6 https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210 https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88 Common Vulnerability Exposure (CVE) ID: CVE-2024-27082 https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h Common Vulnerability Exposure (CVE) ID: CVE-2024-29894 https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 Common Vulnerability Exposure (CVE) ID: CVE-2024-31443 https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3 Common Vulnerability Exposure (CVE) ID: CVE-2024-31444 https://github.com/Cacti/cacti/security/advisories/GHSA-p4ch-7hjw-6m87 Common Vulnerability Exposure (CVE) ID: CVE-2024-31445 https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717 https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856 https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886 https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc Common Vulnerability Exposure (CVE) ID: CVE-2024-31458 https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x Common Vulnerability Exposure (CVE) ID: CVE-2024-31459 https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp Common Vulnerability Exposure (CVE) ID: CVE-2024-31460 Common Vulnerability Exposure (CVE) ID: CVE-2024-34340 https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m
Copyright	Copyright (C) 2025 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.