VulnerableCode Package Details - pkg:deb/debian/gosa@2.7.4%2Breloaded3-8%2Bdeb10u2

Search for packages

Vulnerability	Summary	Fixed by
VCID-fq7p-9rc3-xfdp Aliases: CVE-2019-14466	The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.	2.7.4+reloaded3-16 Affected by 0 other vulnerabilities.
VCID-vppv-uve4-bqbx Aliases: CVE-2019-11187	Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.	2.7.4+reloaded3-16 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-fq7p-9rc3-xfdp
Aliases:
CVE-2019-14466

The GOsa_Filter_Settings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file deletions (in the context of the user account that runs the web server) via a crafted cookie value, because unserialize is used to restore filter settings from a cookie.

2.7.4+reloaded3-16
Affected by 0 other vulnerabilities.

VCID-vppv-uve4-bqbx
Aliases:
CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.

2.7.4+reloaded3-16
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-33qd-24aq-1ffy	security update	CVE-2018-1000528

Vulnerability

Summary

Aliases

VCID-33qd-24aq-1ffy

security update

CVE-2018-1000528

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-12T00:25:27.862043+00:00	Debian Oval Importer	Fixing	VCID-33qd-24aq-1ffy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-12T00:04:34.690696+00:00	Debian Oval Importer	Affected by	VCID-fq7p-9rc3-xfdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:09:17.287174+00:00	Debian Oval Importer	Affected by	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T23:56:02.692149+00:00	Debian Oval Importer	Fixing	VCID-33qd-24aq-1ffy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T23:35:52.215445+00:00	Debian Oval Importer	Affected by	VCID-fq7p-9rc3-xfdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:58:23.423180+00:00	Debian Oval Importer	Affected by	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0