diff -Naur vuxml/vuln.xml vuxml-update/vuln.xml --- vuxml/vuln.xml 2020-03-29 21:50:00.000000000 +0200 +++ vuxml-update/vuln.xml 2020-03-31 14:02:54.262405000 +0200 @@ -58,6 +58,46 @@ * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + cacti -- multiple vulnerabilities + + + cacti + 1.2.10 + + + + +

The cacti developers reports:

+
+

+ When guest users have access to realtime graphs, remote code + could be executed (CVE-2020-8813). +

+

+ Lack of escaping on some pages can lead to XSS exposure + (CVE-2020-7106). +

+

+ Remote Code Execution due to input validation failure in + Performance Boost Debug Log (CVE-2020-7237). +

+
+ +
+ + https://github.com/Cacti/cacti/releases/tag/release%2F1.2.10 + CVE-2020-8813 + CVE-2020-7106 + CVE-2020-7237 + ports/245198 + + + 2020-02-04 + 2020-03-31 + +
+ PostgresSQL -- ALTER ... DEPENDS ON EXTENSION is missing authorization checks
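Review bot: the description's opening line in the new cacti entry, "The cacti developers reports:", has a subject-verb mismatch; suggest "The Cacti developers report:" so the quoted advisory text reads cleanly in the rendered VuXML page. The entry also folds three CVEs (CVE-2020-8813, CVE-2020-7106, CVE-2020-7237) under a single affected range ending at 1.2.10 and a single discovery date of 2020-02-04, so please confirm that all three are fixed in the 1.2.10 release linked in the references and that 2020-02-04 is the earliest disclosure among them, or state in the description which date it refers to. The two remote code execution items depend on specific conditions (guest access to realtime graphs, the Performance Boost Debug Log input), which the description does state; keeping that wording helps administrators judge exposure from the audit output.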