VulnerableCode Package Details - pkg:deb/debian/gosa@2.5.6-2.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/gosa@2.5.6-2.1

Essentials
History (16)

purl	pkg:deb/debian/gosa@2.5.6-2.1

Next non-vulnerable version	2.7.4+reloaded3-16
Latest non-vulnerable version	2.7.4+reloaded3-16
Risk	4.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-1118-91y6-cugj Aliases: CVE-2014-9760	Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.	2.7.4+reloaded2-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-33qd-24aq-1ffy Aliases: CVE-2018-1000528	security update	2.7.4+reloaded2-13+deb9u3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.4+reloaded3-8+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-f9ur-vbmc-6fcz Aliases: CVE-2007-0313	Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.	2.5.16.1-4.1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-fq7p-9rc3-xfdp Aliases: CVE-2019-14466	The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.	2.7.4+reloaded3-16 Affected by 0 other vulnerabilities.
VCID-fw3k-qdyr-rbhw Aliases: CVE-2015-8771	The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.	2.7.4+reloaded2-13+deb9u3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vppv-uve4-bqbx Aliases: CVE-2019-11187	Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.	2.7.4+reloaded3-16 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T17:22:51.439915+00:00	Debian Oval Importer	Affected by	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T14:27:22.882611+00:00	Debian Oval Importer	Affected by	VCID-33qd-24aq-1ffy	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.4.0
2026-04-12T00:25:27.830346+00:00	Debian Oval Importer	Affected by	VCID-33qd-24aq-1ffy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-12T00:04:34.659797+00:00	Debian Oval Importer	Affected by	VCID-fq7p-9rc3-xfdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T22:41:22.759143+00:00	Debian Oval Importer	Affected by	VCID-fw3k-qdyr-rbhw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:32:19.531555+00:00	Debian Oval Importer	Affected by	VCID-1118-91y6-cugj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:55:15.948456+00:00	Debian Oval Importer	Affected by	VCID-f9ur-vbmc-6fcz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:09:17.256650+00:00	Debian Oval Importer	Affected by	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:15:42.856896+00:00	Debian Oval Importer	Affected by	VCID-33qd-24aq-1ffy	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-08T23:56:02.659680+00:00	Debian Oval Importer	Affected by	VCID-33qd-24aq-1ffy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T23:35:52.183219+00:00	Debian Oval Importer	Affected by	VCID-fq7p-9rc3-xfdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:16:28.303280+00:00	Debian Oval Importer	Affected by	VCID-fw3k-qdyr-rbhw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:10:34.124145+00:00	Debian Oval Importer	Affected by	VCID-1118-91y6-cugj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:39:55.946961+00:00	Debian Oval Importer	Affected by	VCID-f9ur-vbmc-6fcz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:58:23.385318+00:00	Debian Oval Importer	Affected by	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T22:49:30.209796+00:00	Debian Oval Importer	Affected by	VCID-33qd-24aq-1ffy	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0