FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Cacti -- multiple vulnerabilities

Affected packages
cacti < 1.2.13

Details

VuXML ID cd2dc126-cfe4-11ea-9172-4c72b94353b5
Discovery 2020-07-15
Entry 2020-07-27

Cacti developers reports:

Multiple fixes for bundled jQuery to prevent code exec (CVE-2020-11022, CVE-2020-11023).

PHPMail contains a escaping bug (CVE-2020-13625).

SQL Injection via color.php in Cacti (CVE-2020-14295).

References

CVE Name CVE-2020-11022
CVE Name CVE-2020-11023
CVE Name CVE-2020-13625
CVE Name CVE-2020-14295
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295
URL https://www.cacti.net/release_notes.php?version=1.2.13