VulnerableCode Package Details - pkg:deb/debian/gosa@2.7.4%2Breloaded3-16

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-fq7p-9rc3-xfdp	The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.	CVE-2019-14466
VCID-vppv-uve4-bqbx	Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.	CVE-2019-11187

Vulnerability

Summary

Aliases

VCID-fq7p-9rc3-xfdp

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.

CVE-2019-14466

VCID-vppv-uve4-bqbx

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.

CVE-2019-11187

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T00:31:17.443074+00:00	Debian Oval Importer	Fixing	VCID-fq7p-9rc3-xfdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:22:51.471585+00:00	Debian Oval Importer	Fixing	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-12T00:04:34.694542+00:00	Debian Oval Importer	Fixing	VCID-fq7p-9rc3-xfdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:09:17.290868+00:00	Debian Oval Importer	Fixing	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T23:35:52.219716+00:00	Debian Oval Importer	Fixing	VCID-fq7p-9rc3-xfdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:58:23.428634+00:00	Debian Oval Importer	Fixing	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0