[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2022:0145-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":20,"modified_at":21,"state":9,"summary":22,"references_raw":24,"kevs":46,"epss":9,"epss_history":47,"metrics":48,"affected":49},"OPENSUSE-SU-2022:0145-1","Security update for cacti, cacti-spine\n\nThis update for cacti, cacti-spine fixes the following issues:\n\ncacti-spine was updated to 1.2.20:\n\n  * Add support for newer versions of MySQL/MariaDB\n  * When checking for uptime of device, don't assume a non-response\n    is always fatal\n  * Fix description and command trunctation issues\n  * Improve spine performance when only one snmp agent port is in\n    use\n\ncacti-spine 1.2.19:\n\n  * Fix 1ssues with polling loop may skip some datasources\n  * Fix ping no longer works due to hostname changes\n  * Fix RRD steps are not always calculated correctly\n  * Fix unable to build when DES no longer supported\n  * Fix IPv6 devices are not properly parsed\n  * Reduce a number of compiler warnings\n  * Fix compiler warnings due to lack of return in thread_mutex_trylock\n  * Fix Spine will not look at non-timetics uptime when sysUpTimeInstance overflows\n  * Improve performance of Cacti poller on heavily loaded systems\n\ncacti-spine 1.2.20:\n\n  * Add support for newer versions of MySQL/MariaDB\n  * When checking for uptime of device, don't assume a non-response\n    is always fatal\n  * Fix description and command trunctation issues\n  * Improve spine performance when only one snmp agent port is in\n    use\n\ncacti was updated to 1.2.20:\n\n  * Security fix for CVE-2022-0730, boo#1196692\n    Under certain ldap conditions, Cacti authentication can be\n    bypassed with certain credential types.\n  * Security fix: Device, Graph, Graph Template,\n    and Graph Items may be vulnerable to XSS issues\n  * Security fix: Lockout policies are not properly applied to LDAP\n    and Domain Users\n  * Security fix: When using 'remember me' option, incorrect realm\n    may be selected\n  * Security fix: User and Group maintenance are vulnerable to SQL attacks\n  * Security fix: Color Templates are vulnerable to XSS attack\n  * Features:\n    * When creating a Data Source Profile, allow additional choices for Heartbeat\n    * Change select all options to use Font Awesome icons\n    * Improve spine performance by storing the total number of system snmp_ports in use\n    * Prevent Template User Accounts from being Removed\n    * When managing by users, allow filtering by Realm\n    * Allow plugins to supply template account names\n    * When viewing logs, additional message types should be filterable\n    * When creating a Graph Template Item, allow filtering by Data Template\n    * Allow language handler to be selected via UI\n    * Updated Device packages for Synology, Citrix NetScaler, Cisco ASA/Cisco\n    * Add Advanced Ping Graph Template to initial Installable templates\n    * Add LDAP Debug Mode option\n    * Allow Reports to include devices not on a Tree\n    * Allow Basic Authentication to display custom failure message\n  * Fix: When replicating data during installation/upgrade,\n    system may appear to hang\n  * Fix: Graph Template Items may have duplicated entries\n  * Fix: Unable to Save Graph Settings\n  * Fix: Script Server may crash if an OID is missing or unavailable\n  * Fix: When system-wide polling is disabled,\n    remote pollers may fail to sync changed settings\n  * Fix: When updating poller name, duplicate name protection may be over zealous\n  * Fix: Titles may show 'Missing Datasource' incorectly\n  * Fix: Checking for MIB Cache can cause crashes\n  * Fix: Polling cycles may not always complete as expected\n  * Fix: When viewing graph data, non-numeric values may appear\n  * Fix: Utilities view has calculation errors when there are no data sources\n  * Fix: When editing Reports, drag and drop may not function as intended\n  * Fix: When data drive is full, viewing a Graph can result in errors\n  * Various other bug fixes\n\ncacti 1.2.19:\n\n  * Further fixes for grave character security protection (boo#1192408)\n  * Fix Over aggressive escaping causing menu visibility issues on Create Device page\n  * Add SHA256 and AES256 security levels for SNMP polling\n  * Import graph template(Preview Only) show color_id new value as a blank area\n  * Fix Editing graphs errors due to missing sequence\n  * Fix 2hen hovering over a Tree Graph, row shows same highlighting as Graph Edit screen\n  * Fix 2hen RealTime is not active, console errors may appear\n  * Fix race conditions may occur when multiple RRDtool processes are running\n  * Fix errors creating graphs from templates\n  * Fix errors when duplicating reports\n  * Fix Boost may be blocked by overflowing poller_output table\n  * Fix Template import may be blocked due to unmet dependency warnings with snmp ports\n  * Fix Newer MySQL versions may error if committing a transaction when not in one\n  * Fix SNMP Agent may not find a cache item\n  * Fix Correct issues running under PHP 8.x\n  * Fix When polling is disabled, boost may crash and creates many arch tables\n  * Fix When poller runs, memory tables may not always be present\n  * Fix Timezones may sometimes be incorrectly calculated\n  * Fix Allow monitoring IPv6 with interface graphs\n  * Fix When a data source uses a Data Input Method, those without a mapping should be flagged\n  * Fix When RRDfile is not yet created, errors may appear when displaying the graph\n  * Fix Cacti missing key indexes that result in Preset pages slowdowns\n  * Fix Data Sources page shows no name when Data Source has no name cache\n  * Fix db_update_table function can not alter table from signed to unsigned\n  * Fix data remains in poller_output table even if it's flushed to rrd files\n  * Fix Parameter list for lib/database.php:db_connect_real() is not correct in 3 places\n  * Fix Offset is a reserved word in MariaDB 10.6 affecting Report\n  * Fix Rendering large trees slowed due to lack of permission caching\n  * Fix Error on interpretation of snmpUtime, when to big\n  * Fix Applying right axis formatting creates an error-image\n  * Fix Unable to Save Graph Settings from the Graphs pages\n  * Fix Graph Template Cache is nullified too often when Graph Automation is running\n  * Fix When Adding a Data Query to a Device, no Progress Spinner is shown\n  * Fix New Browser Breaks Plugins that depend on non UTC date time data\n  * Fix errors when testing remote poller connectivity\n  * Fix errors when renaming poller\n  * Fix Removing spikes by Variance does not appear to be working beyond the first RRA\n  * Fix LDAP API lacks timeout options leading to bad login experiences\n  * Add a normal/wrap class for general use\n  * Limit File Types available for Template Import operations\n  * Fix Cacti does not provide an option of providing a client side certificate for LDAP/AD authentication\n  * Support Stronger Encryption Available Starting in Net-SNMP v5.8\n  * Allow Cacti to use multiple possible LDAP servers\n  * Add a 15 minute polling/sampling interval\n  * Provide additional admin email notifications\n  * Add warnings for undesired changes to plugin hook return values\n  * When creating a Graph, make testing the Data Sources optional by Template\n  * Update phpseclib to 2.0.33\n  * Update jstree.js to 3.3.12\n  * Improve performance of Cacti poller on heavily loaded systems\n  * MariaDB recommendations need some tuning for recent updates\n\n",null,[],[],[],[14],{"_key":15},"CVE-2022-0730",[],[],[19],{"_key":15},"2022-05-24T08:17:34Z","2026-02-04T02:44:55.510544Z",{"cisa_kev":23,"cisa_ransomware":23,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[25,32,37,41],{"url":26,"sources":27,"tags":30},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VZEKTX6LOHELIEEVJYSONO5MX6DZOZIA/",[28,29],"osv_suse","osv_opensuse",[31],"Advisory",{"url":33,"sources":34,"tags":35},"https://bugzilla.suse.com/1192408",[28,29],[36],"REPORT",{"url":38,"sources":39,"tags":40},"https://bugzilla.suse.com/1196692",[28,29],[36],{"url":42,"sources":43,"tags":44},"https://www.suse.com/security/cve/CVE-2022-0730",[28,29],[45],"WEB",[],[],[],[50,63,68,74,78,82],{"ecosystem":51,"name":52,"vendor":53,"product":54,"cpe_part":9,"purl_type":55,"purl_namespace":53,"purl_name":54,"source":9,"versions":56},"openSUSE","cacti-spine","opensuse","cacti-spine&distro=openSUSE Leap 15.3","rpm",[57],{"version":58,"is_range":59,"range_type":60,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":62,"fixed_in":9},"lt1_2_20_bp153_2_9_1",true,"ecosystem","1.2.20-bp153.2.9.1","excluding",{"ecosystem":51,"name":64,"vendor":53,"product":65,"cpe_part":9,"purl_type":55,"purl_namespace":53,"purl_name":65,"source":9,"versions":66},"cacti","cacti&distro=openSUSE Leap 15.3",[67],{"version":58,"is_range":59,"range_type":60,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":62,"fixed_in":9},{"ecosystem":69,"name":52,"vendor":70,"product":71,"cpe_part":9,"purl_type":55,"purl_namespace":70,"purl_name":71,"source":9,"versions":72},"SUSE Linux Enterprise","suse","cacti-spine&distro=SUSE Package Hub 12",[73],{"version":58,"is_range":59,"range_type":60,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":62,"fixed_in":9},{"ecosystem":69,"name":52,"vendor":70,"product":75,"cpe_part":9,"purl_type":55,"purl_namespace":70,"purl_name":75,"source":9,"versions":76},"cacti-spine&distro=SUSE Package Hub 15 SP3",[77],{"version":58,"is_range":59,"range_type":60,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":62,"fixed_in":9},{"ecosystem":69,"name":64,"vendor":70,"product":79,"cpe_part":9,"purl_type":55,"purl_namespace":70,"purl_name":79,"source":9,"versions":80},"cacti&distro=SUSE Package Hub 12",[81],{"version":58,"is_range":59,"range_type":60,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":62,"fixed_in":9},{"ecosystem":69,"name":64,"vendor":70,"product":83,"cpe_part":9,"purl_type":55,"purl_namespace":70,"purl_name":83,"source":9,"versions":84},"cacti&distro=SUSE Package Hub 15 SP3",[85],{"version":58,"is_range":59,"range_type":60,"version_start":9,"version_start_type":9,"version_end":61,"version_end_type":62,"fixed_in":9}]