Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
07_cli-include-path.patch | Fix cli path | Sean Finney <seanius@debian.org>, Slavko <linux@slavino.sk> | not-needed | debian | | 2018-10-13 |
enable-system-jqueryui-by-putting-cacti-changes-in-main.css.patch | Upstream embeds jquery-ui.css, but we want to use the system version of that file. To honor cacti's changes to jquery-ui.css, the delta is added as an overload in main.css instead. | Paul Gevers <elbrus@debian.org> | yes | upstream | | |
perl-path.patch | Debian has perl on the path | Paul Gevers <elbrus@debian.org> | not-needed | | | |
font-awesome-path.patch | the file on Debian systems is named slightly different | Paul Gevers <elbrus@debian.org> | no | | | |
0001-Fixing-Issue-4022.patch | [PATCH] Fixing Issue #4022 SQL Injection in data_debug.php | TheWitness <thewitness@cacti.net> | no | | | 2020-12-24 |
0001-Fixing-Issue-4019.patch | [PATCH] Fixing Issue #4019 * In a recent audit of core Cacti code, there were a few stored XSS issues that can be exposed * Also removed a few spurious title_trims, that should no longer be a problem. | TheWitness <thewitness@cacti.net> | no | | | 2020-12-23 |
1386bdbf7f845a32e24ac9415f3ebb7932e77fe7.patch | [PATCH] Fixing Issue #4562 - LDAP Authentication bypass issue Under certain LDAP server environments, cacti authentication can be bypassed | TheWitness <thewitness@cacti.net> | no | | | 2022-02-21 |
8694bf28edad723585915a97b95fbf5b1816a02b.patch | [PATCH] Minor update to issue #4562 | TheWitness <thewitness@cacti.net> | no | | | 2022-02-21 |
7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216.patch | [PATCH] Merge pull request from GHSA-6p93-p743-35gf * Resolving CVE-2022-46169 * QA: Provide a restrictive option * QA: Further restrict allowed headers to those defined in config only | Mark Brugnoli-Vinten <netniv@hotmail.com> | no | | | 2022-12-05 |
CVE-2023-39357.patch | [PATCH] Correct against possible SQL Injections | TheWitness <thewitness@cacti.net> | no | | | 2023-08-04 |
CVE-2023-39359.patch | [PATCH] Fixing XSS in graphs.php | TheWitness <thewitness@cacti.net> | no | | | 2023-08-04 |
CVE-2023-39361.patch | [PATCH] QA: Additional REGEXP and RLIKE changes | TheWitness <thewitness@cacti.net> | no | | | 2023-08-04 |
CVE-2023-39362_1.patch | [PATCH] Addressing some potential command level injections | TheWitness <thewitness@cacti.net> | no | | | 2023-08-04 |
CVE-2023-39362_2.patch | [PATCH] QA: On command injection | TheWitness <thewitness@cacti.net> | no | | | 2023-08-04 |
CVE-2023-39364.patch | [PATCH] Correct issue with Hijacking Reference URL | TheWitness <thewitness@cacti.net> | no | | | 2023-08-04 |
CVE-2023-39365.patch | [PATCH] Fixing #5348 - Issues with Regular Expression searches in Cacti Unchecked Regular expressions can lead to privilege escalation and data leakage | TheWitness <thewitness@cacti.net> | no | | | 2023-06-04 |
0001-Fixing-5318-Multiple-minor-stored-XSS-vulnerabilitie.patch | [PATCH] Fixing #5318 - Multiple minor stored XSS vulnerabilities | TheWitness <thewitness@cacti.net> | no | | | 2023-04-29 |
CVE-2023-39360.patch | [PATCH] QA: Different approach to XSS issue | TheWitness <thewitness@cacti.net> | no | | https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa | 2023-08-04 |
CVE-2023-39513.patch | [PATCH] Fixing #5324 - Over Escaping Debug log This is an issue between releases due to escaping log entries in the wrong location in the security fix. This change resolves that issue. Reindex device from GUI - debug info broken due to over escaping | TheWitness <thewitness@cacti.net> | no | | https://github.com/cacti/cacti/commit/23abb0e0a9729bd056b56f4fb5a6fc8e7ebda523 | 2023-06-04 |
CVE-2023-49084.patch | [PATCH] QA: Increase Cacti Security in four areas | TheWitness <thewitness@cacti.net> | no | | https://github.com/cacti/cacti/commit/c3a647e9867ae8e2982e26342630ba9edb2d94b7 | 2023-11-18 |
CVE-2023-49085.patch | [PATCH] QA: Increase Cacti Security in four areas | TheWitness <thewitness@cacti.net> | no | | https://github.com/cacti/cacti/commit/5f451bc680d7584525d18026836af2a1e31b2188 | 2023-11-18 |
CVE-2023-49086.patch | [PATCH] QA: Fix 2 of 3 - Commits for CVE-2023-49088 and CVE-2023-48086 Missed here https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x and here: https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr | TheWitness <thewitness@cacti.net> | no | | https://github.com/cacti/cacti/commit/56f9d99e6e5ab434ea18fa344236f41e78f99c59 | 2023-12-28 |
CVE-2023-49088.patch | [PATCH] QA: Fix 2 of 3 - Commits for CVE-2023-49088 and CVE-2023-48086 Missed here https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x and here: https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr | TheWitness <thewitness@cacti.net> | no | | https://github.com/cacti/cacti/commit/59e39b34f8f1d80b28d38a391d7aa6e7a3302f5b | 2023-12-28 |