VulnerableCode Package Details - pkg:deb/debian/awstats@7.0~dfsg-7

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/awstats@7.0~dfsg-7

Essentials
History (24)

purl	pkg:deb/debian/awstats@7.0~dfsg-7

Next non-vulnerable version	7.8-3+deb12u2
Latest non-vulnerable version	8.0-5
Risk	4.4

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-6241-45ms-x3ec Aliases: CVE-2025-63261	AWStats 8.0 is vulnerable to Command Injection via the open function	7.8-3+deb12u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.8-3+deb12u2 Affected by 0 other vulnerabilities. 7.9-1+deb13u1 Affected by 0 other vulnerabilities. 8.0-5 Affected by 0 other vulnerabilities.
VCID-fxrv-1bju-qkgm Aliases: CVE-2020-35176	In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.	7.8-2+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-kfb9-pts3-dffa Aliases: CVE-2012-4547	Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.	7.2+dfsg-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qabb-bgqe-afdd Aliases: CVE-2017-1000501	Multiple vulnerabilities have been found in AWStats, the worst of which could result in the arbitrary execution of code.	7.2+dfsg-1+deb8u1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.6+dfsg-1+deb9u1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.6+dfsg-2+deb10u1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-s1bj-dpp3-9ubt Aliases: CVE-2022-46391	AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.	7.8-2+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-vqyg-xfyk-h3e5 Aliases: CVE-2020-29600	In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501.	7.8-2+deb11u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T00:42:49.453569+00:00	Debian Oval Importer	Affected by	VCID-vqyg-xfyk-h3e5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-16T00:25:01.783434+00:00	Debian Oval Importer	Affected by	VCID-qabb-bgqe-afdd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:31:59.969332+00:00	Debian Oval Importer	Affected by	VCID-kfb9-pts3-dffa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T22:07:10.422328+00:00	Debian Oval Importer	Affected by	VCID-s1bj-dpp3-9ubt	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:29:56.396054+00:00	Debian Oval Importer	Affected by	VCID-6241-45ms-x3ec	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:44:43.786050+00:00	Debian Oval Importer	Affected by	VCID-fxrv-1bju-qkgm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:30:29.874121+00:00	Debian Oval Importer	Affected by	VCID-qabb-bgqe-afdd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-15T13:30:36.602309+00:00	Debian Oval Importer	Affected by	VCID-qabb-bgqe-afdd	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.4.0
2026-04-12T00:15:33.771186+00:00	Debian Oval Importer	Affected by	VCID-vqyg-xfyk-h3e5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:58:30.382042+00:00	Debian Oval Importer	Affected by	VCID-qabb-bgqe-afdd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:07:13.294825+00:00	Debian Oval Importer	Affected by	VCID-kfb9-pts3-dffa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:45:07.971683+00:00	Debian Oval Importer	Affected by	VCID-s1bj-dpp3-9ubt	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:11:19.854211+00:00	Debian Oval Importer	Affected by	VCID-6241-45ms-x3ec	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:31:33.045794+00:00	Debian Oval Importer	Affected by	VCID-fxrv-1bju-qkgm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:18:47.909901+00:00	Debian Oval Importer	Affected by	VCID-qabb-bgqe-afdd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-11T13:19:17.288407+00:00	Debian Oval Importer	Affected by	VCID-qabb-bgqe-afdd	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.3.0
2026-04-08T23:46:32.625904+00:00	Debian Oval Importer	Affected by	VCID-vqyg-xfyk-h3e5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T23:30:08.218672+00:00	Debian Oval Importer	Affected by	VCID-qabb-bgqe-afdd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:40:52.925100+00:00	Debian Oval Importer	Affected by	VCID-kfb9-pts3-dffa	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:22:56.569156+00:00	Debian Oval Importer	Affected by	VCID-s1bj-dpp3-9ubt	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:52:34.488767+00:00	Debian Oval Importer	Affected by	VCID-6241-45ms-x3ec	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:22:41.252928+00:00	Debian Oval Importer	Affected by	VCID-fxrv-1bju-qkgm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T22:52:30.457608+00:00	Debian Oval Importer	Affected by	VCID-qabb-bgqe-afdd	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0
2026-04-07T21:55:13.906287+00:00	Debian Oval Importer	Affected by	VCID-qabb-bgqe-afdd	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.1.0