Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/gosa@2.7.4%2Breloaded2-1%2Bdeb8u2
purl pkg:deb/debian/gosa@2.7.4%2Breloaded2-1%2Bdeb8u2
Next non-vulnerable version 2.7.4+reloaded3-16
Latest non-vulnerable version 2.7.4+reloaded3-16
Risk 2.8
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-33qd-24aq-1ffy
Aliases:
CVE-2018-1000528
security update
2.7.4+reloaded2-13+deb9u3
Affected by 3 other vulnerabilities.
2.7.4+reloaded3-8+deb10u2
Affected by 2 other vulnerabilities.
VCID-fq7p-9rc3-xfdp
Aliases:
CVE-2019-14466
The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.
2.7.4+reloaded3-16
Affected by 0 other vulnerabilities.
VCID-fw3k-qdyr-rbhw
Aliases:
CVE-2015-8771
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.
2.7.4+reloaded2-13+deb9u3
Affected by 3 other vulnerabilities.
VCID-vppv-uve4-bqbx
Aliases:
CVE-2019-11187
Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
2.7.4+reloaded3-16
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T23:05:16.701793+00:00 Debian Oval Importer Affected by VCID-fw3k-qdyr-rbhw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:22:51.461252+00:00 Debian Oval Importer Affected by VCID-vppv-uve4-bqbx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T14:27:22.902756+00:00 Debian Oval Importer Affected by VCID-33qd-24aq-1ffy https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.4.0
2026-04-12T00:25:27.854237+00:00 Debian Oval Importer Affected by VCID-33qd-24aq-1ffy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-12T00:04:34.682991+00:00 Debian Oval Importer Affected by VCID-fq7p-9rc3-xfdp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:41:22.781865+00:00 Debian Oval Importer Affected by VCID-fw3k-qdyr-rbhw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:09:17.279702+00:00 Debian Oval Importer Affected by VCID-vppv-uve4-bqbx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T14:15:42.880520+00:00 Debian Oval Importer Affected by VCID-33qd-24aq-1ffy https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.3.0
2026-04-08T23:56:02.682703+00:00 Debian Oval Importer Affected by VCID-33qd-24aq-1ffy https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T23:35:52.207031+00:00 Debian Oval Importer Affected by VCID-fq7p-9rc3-xfdp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:16:28.327470+00:00 Debian Oval Importer Affected by VCID-fw3k-qdyr-rbhw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:58:23.412718+00:00 Debian Oval Importer Affected by VCID-vppv-uve4-bqbx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-07T22:49:30.249302+00:00 Debian Oval Importer Affected by VCID-33qd-24aq-1ffy https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.1.0