Lucene search
K

298 matches found

Cvelist
Cvelist
added 2026/06/24 10:41 p.m.30 views

CVE-2026-39938 Cacti: Unauthenticated RCE on Graph Image

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS0.00436EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/24 10:41 p.m.5 views

CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS5.7AI score0.00436EPSS
Exploits1
OSV
OSV
added 2026/06/24 10:16 p.m.7 views

DEBIAN-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.5CVSS5.8AI score0.00104EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 10:16 p.m.6 views

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS0.00104EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 10:16 p.m.4 views

UBUNTU-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS5.7AI score0.00104EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 9:55 p.m.20 views

CVE-2026-39894

CVE-2026-39894 affects Cacti (≤ 1.2.30). Locale-dependent decimal formatting in rrdtool_function_update() uses PHP string interpolation for metric values after is_numeric(), so a value like 1.5 may be rendered as 1,5 under LC_NUMERIC with a comma decimal. RRDtool expects a dot, causing metric dat...

2.9CVSS5.8AI score0.00104EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/24 9:55 p.m.5 views

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS5.8AI score0.00104EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-52142

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Command Injection occurs due to insufficient sanitization in the escape command function located at lib/rrd.php, which acts as a no-op by returning the $command unchanged. The command line constructed...

9.8CVSS5.8AI score0.01113EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52129

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Locale-dependent decimal formatting in the rrdtool function update function can lead to the corruption of RRDtool metric values. The function validates metric values using is numeric and incorporates...

2.9CVSS5.8AI score0.00104EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-52136

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Cacti is an open source performance and fault management framework. The software contains an unauthenticated Local File Inclusion LFI, which occurs through the graph theme parameter and rrdtool IPC...

9.8CVSS5.8AI score0.00436EPSS
Exploits1References10
CBLMariner
CBLMariner
added 2026/06/13 6:21 p.m.12 views

CVE-2026-43958 affecting package rrdtool for versions less than 1.8.0-3

CVE-2026-43958 affecting package rrdtool for versions less than 1.8.0-3. A patched version of the package is available...

7.8CVSS5.2AI score0.00132EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/07 8:2 a.m.12 views

Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

...

7.8CVSS5.4AI score0.00132EPSS
Exploits0
NVD
NVD
added 2026/06/01 7:16 p.m.12 views

CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS0.00132EPSS
Exploits0References5
OSV
OSV
added 2026/06/01 7:16 p.m.6 views

UBUNTU-CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.3AI score0.00132EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 5:34 p.m.12 views

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.3AI score0.00132EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 5:34 p.m.33 views

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS0.00132EPSS
Exploits0References5
CVE
CVE
added 2026/06/01 5:34 p.m.35 views

CVE-2026-43958

The CVE-2026-43958 vulnerability affects rrdcached (part of rrdtool). A local attacker with access to the rrdcached socket can trigger a stack-based buffer overflow by sending an oversized CREATE request, leading to denial of service or potential arbitrary code execution, compromising data integr...

7.8CVSS6.3AI score0.00132EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/01 5:34 p.m.12 views

CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.3AI score0.00132EPSS
Exploits0
EUVD
EUVD
added 2026/06/01 5:34 p.m.13 views

EUVD-2026-33726

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.3AI score0.00132EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

OETIKER+PARTNER RRDtool 安全漏洞

OETIKER+PARTNER RRDtool is a time-series data storage and plotting system developed by OETIKER+PARTNER Inc. There is a security vulnerability in OETIKER+PARTNER RRDtool; this vulnerability stems from a stack buffer overflow issue. It could allow local attackers to cause the daemon process to cras...

7.8CVSS6.2AI score0.00132EPSS
Exploits0References3
Rows per page
Query Builder