| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 07_cli-include-path.patch | Fix cli path =================================================================== |
Sean Finney <seanius@debian.org>, Slavko <linux@slavino.sk> | not-needed | debian | 2018-10-13 | |
| enable-system-jqueryui-by-putting-cacti-changes-in-main.css.patch | Upstream embeds jquery-ui.css, but we want to use the system version of that file. To honor cacti's changes to jquery-ui.css, the delta is added as an overload in main.css instead. =================================================================== |
Paul Gevers <elbrus@debian.org> | yes | upstream | ||
| perl-path.patch | Debian has perl on the path =================================================================== |
Paul Gevers <elbrus@debian.org> | not-needed | |||
| font-awesome-path.patch | the file on Debian systems is named slightly different =================================================================== |
Paul Gevers <elbrus@debian.org> | no | |||
| 0001-Fixing-Issue-4022.patch | [PATCH] Fixing Issue #4022 SQL Injection in data_debug.php |
TheWitness <thewitness@cacti.net> | no | 2020-12-24 | ||
| 0001-Fixing-Issue-4019.patch | [PATCH] Fixing Issue #4019 * In a recent audit of core Cacti code, there were a few stored XSS issues that can be exposed * Also removed a few spurious title_trims, that should no longer be a problem. |
TheWitness <thewitness@cacti.net> | no | 2020-12-23 | ||
| 1386bdbf7f845a32e24ac9415f3ebb7932e77fe7.patch | [PATCH] Fixing Issue #4562 - LDAP Authentication bypass issue Under certain LDAP server environments, cacti authentication can be bypassed |
TheWitness <thewitness@cacti.net> | no | 2022-02-21 | ||
| 8694bf28edad723585915a97b95fbf5b1816a02b.patch | [PATCH] Minor update to issue #4562 | TheWitness <thewitness@cacti.net> | no | 2022-02-21 | ||
| 7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216.patch | [PATCH] Merge pull request from GHSA-6p93-p743-35gf * Resolving CVE-2022-46169 * QA: Provide a restrictive option * QA: Further restrict allowed headers to those defined in config only |
Mark Brugnoli-Vinten <netniv@hotmail.com> | no | 2022-12-05 | ||
| CVE-2023-39357.patch | [PATCH] Correct against possible SQL Injections | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39359.patch | [PATCH] Fixing XSS in graphs.php | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39361.patch | [PATCH] QA: Additional REGEXP and RLIKE changes | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39362_1.patch | [PATCH] Addressing some potential command level injections | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39362_2.patch | [PATCH] QA: On command injection | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39364.patch | [PATCH] Correct issue with Hijacking Reference URL | TheWitness <thewitness@cacti.net> | no | 2023-08-04 | ||
| CVE-2023-39365.patch | [PATCH] Fixing #5348 - Issues with Regular Expression searches in Cacti Unchecked Regular expressions can lead to privilege escalation and data leakage |
TheWitness <thewitness@cacti.net> | no | 2023-06-04 | ||
| 0001-Fixing-5318-Multiple-minor-stored-XSS-vulnerabilitie.patch | [PATCH] Fixing #5318 - Multiple minor stored XSS vulnerabilities | TheWitness <thewitness@cacti.net> | no | 2023-04-29 |