Search for packages
| purl | pkg:deb/debian/znuny@6.5.13-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1mkr-c1ay-jygw | An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag. |
CVE-2025-26844
|
| VCID-cqx8-tegf-pfhh | An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog. |
CVE-2025-26842
|
| VCID-s8fu-wpk4-3ycc | An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata. |
CVE-2025-26846
|
| VCID-yrdb-btgm-p3cd | An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script. |
CVE-2025-26845
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-03T07:59:16.241566+00:00 | Debian Importer | Fixing | VCID-s8fu-wpk4-3ycc | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:59:16.204990+00:00 | Debian Importer | Fixing | VCID-yrdb-btgm-p3cd | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:59:16.168426+00:00 | Debian Importer | Fixing | VCID-1mkr-c1ay-jygw | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:59:16.131691+00:00 | Debian Importer | Fixing | VCID-cqx8-tegf-pfhh | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |