VulnerableCode Package Details - pkg:deb/debian/gosa@2.7.4%2Breloaded2-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-33qd-24aq-1ffy Aliases: CVE-2018-1000528	security update	2.7.4+reloaded2-13+deb9u3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.4+reloaded3-8+deb10u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-fq7p-9rc3-xfdp Aliases: CVE-2019-14466	The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.	2.7.4+reloaded3-16 Affected by 0 other vulnerabilities.
VCID-fw3k-qdyr-rbhw Aliases: CVE-2015-8771	The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.	2.7.4+reloaded2-13+deb9u3 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vppv-uve4-bqbx Aliases: CVE-2019-11187	Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.	2.7.4+reloaded3-16 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-33qd-24aq-1ffy
Aliases:
CVE-2018-1000528

security update

2.7.4+reloaded2-13+deb9u3
Affected by 3 other vulnerabilities.

2.7.4+reloaded3-8+deb10u2
Affected by 2 other vulnerabilities.

VCID-fq7p-9rc3-xfdp
Aliases:
CVE-2019-14466

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.

2.7.4+reloaded3-16
Affected by 0 other vulnerabilities.

VCID-fw3k-qdyr-rbhw
Aliases:
CVE-2015-8771

The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.

2.7.4+reloaded2-13+deb9u3
Affected by 3 other vulnerabilities.

VCID-vppv-uve4-bqbx
Aliases:
CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.

2.7.4+reloaded3-16
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1118-91y6-cugj	Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.	CVE-2014-9760

Vulnerability

Summary

Aliases

VCID-1118-91y6-cugj

Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.

CVE-2014-9760

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-12T00:25:27.850379+00:00	Debian Oval Importer	Affected by	VCID-33qd-24aq-1ffy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-12T00:04:34.679172+00:00	Debian Oval Importer	Affected by	VCID-fq7p-9rc3-xfdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T22:41:22.778159+00:00	Debian Oval Importer	Affected by	VCID-fw3k-qdyr-rbhw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:32:19.549860+00:00	Debian Oval Importer	Fixing	VCID-1118-91y6-cugj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:09:17.275940+00:00	Debian Oval Importer	Affected by	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:15:42.876509+00:00	Debian Oval Importer	Affected by	VCID-33qd-24aq-1ffy	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.3.0
2026-04-08T23:56:02.678619+00:00	Debian Oval Importer	Affected by	VCID-33qd-24aq-1ffy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T23:35:52.202964+00:00	Debian Oval Importer	Affected by	VCID-fq7p-9rc3-xfdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:16:28.323444+00:00	Debian Oval Importer	Affected by	VCID-fw3k-qdyr-rbhw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:10:34.153532+00:00	Debian Oval Importer	Fixing	VCID-1118-91y6-cugj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:58:23.408162+00:00	Debian Oval Importer	Affected by	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T22:49:30.244056+00:00	Debian Oval Importer	Affected by	VCID-33qd-24aq-1ffy	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.1.0