[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-OPENSUSE-SU-2020:1106-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":22,"duplicates":23,"related":24,"reserved_at":9,"published_at":29,"modified_at":30,"state":9,"summary":31,"references_raw":33,"kevs":70,"epss":9,"epss_history":71,"metrics":72,"affected":73},"OPENSUSE-SU-2020:1106-1","Security update for cacti, cacti-spine\n\nThis update for cacti, cacti-spine fixes the following issues:\n\n- cacti 1.2.13:\n\n  * jQuery XSS vulnerabilities require vendor package update\n    (CVE-2020-11022 / CVE-2020-11023)\n  * Lack of escaping on some pages can lead to XSS exposure\n  * Update PHPMailer to 6.1.6 (CVE-2020-13625)\n  * SQL Injection vulnerability due to input validation failure when\n    editing colors (CVE-2020-14295, boo#1173090)\n  * Lack of escaping on template import can lead to XSS exposure\n\n- switch from cron to systemd timers (boo#1115436):\n  + cacti-cron.timer\n  + cacti-cron.service\n- avoid potential root escalation on systems with fs.protected_hardlinks=0\n  (boo#1154087): handle directory permissions in file section instead\n  of using chown during post installation\n- rewrote apache configuration to get rid of .htaccess files and \n  explicitly disable directory permissions by default \n  (only allow a limited, well-known set of directories)\n\n\nThis update was imported from the openSUSE:Leap:15.1:Update update 
project.",null,[],[],[],[14,16,18,20],{"_key":15},"CVE-2020-11022",{"_key":17},"CVE-2020-11023",{"_key":19},"CVE-2020-13625",{"_key":21},"CVE-2020-14295",[],[],[25,26,27,28],{"_key":15},{"_key":17},{"_key":19},{"_key":21},"2020-07-27T21:28:47Z","2026-02-04T02:54:37.245476Z",{"cisa_kev":32,"cisa_ransomware":32,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[34,40,45,49,53,58,62,66],{"url":35,"sources":36,"tags":38},"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4IXKYESUUIOBHBKL32YKWOWHSJKS7RN3/",[37],"osv_suse",[39],"Advisory",{"url":41,"sources":42,"tags":43},"https://bugzilla.suse.com/1115436",[37],[44],"REPORT",{"url":46,"sources":47,"tags":48},"https://bugzilla.suse.com/1154087",[37],[44],{"url":50,"sources":51,"tags":52},"https://bugzilla.suse.com/1173090",[37],[44],{"url":54,"sources":55,"tags":56},"https://www.suse.com/security/cve/CVE-2020-11022",[37],[57],"WEB",{"url":59,"sources":60,"tags":61},"https://www.suse.com/security/cve/CVE-2020-11023",[37],[57],{"url":63,"sources":64,"tags":65},"https://www.suse.com/security/cve/CVE-2020-13625",[37],[57],{"url":67,"sources":68,"tags":69},"https://www.suse.com/security/cve/CVE-2020-14295",[37],[57],[],[],[],[74,87],{"ecosystem":75,"name":76,"vendor":77,"product":78,"cpe_part":9,"purl_type":79,"purl_namespace":77,"purl_name":78,"source":9,"versions":80},"SUSE Linux Enterprise","cacti-spine","suse","cacti-spine&distro=SUSE Package Hub 15 SP1","rpm",[81],{"version":82,"is_range":83,"range_type":84,"version_start":9,"version_start_type":9,"version_end":85,"version_end_type":86,"fixed_in":9},"lt1_2_13_bp151_4_12_1",true,"ecosystem","1.2.13-bp151.4.12.1","excluding",{"ecosystem":75,"name":88,"vendor":77,"product":89,"cpe_part":9,"purl_type":79,"purl_namespace":77,"purl_name":89,"source":9,"versions":90},"cacti","cacti&distro=SUSE Package Hub 15 
SP1",[91],{"version":82,"is_range":83,"range_type":84,"version_start":9,"version_start_type":9,"version_end":85,"version_end_type":86,"fixed_in":9}]