Search for packages
| purl | pkg:deb/debian/gosa@2.7.4%2Breloaded3-16 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-fq7p-9rc3-xfdp | The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie. |
CVE-2019-14466
|
| VCID-vppv-uve4-bqbx | Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided. |
CVE-2019-11187
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-12T00:04:34.694542+00:00 | Debian Oval Importer | Fixing | VCID-fq7p-9rc3-xfdp | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.3.0 |
| 2026-04-11T17:09:17.290868+00:00 | Debian Oval Importer | Fixing | VCID-vppv-uve4-bqbx | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.3.0 |
| 2026-04-08T23:35:52.219716+00:00 | Debian Oval Importer | Fixing | VCID-fq7p-9rc3-xfdp | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.1.0 |
| 2026-04-08T16:58:23.428634+00:00 | Debian Oval Importer | Fixing | VCID-vppv-uve4-bqbx | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.1.0 |