Search for packages
| purl | pkg:deb/debian/znuny@6.5.1-1 |
| Next non-vulnerable version | 6.5.15-2~bpo12+1 |
| Latest non-vulnerable version | 6.5.15-2~bpo12+1 |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6bn2-cftr-wye3
Aliases: CVE-2025-43926 |
An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other function calls, which then might use these keys/values to affect permissions or other settings. |
Affected by 0 other vulnerabilities. |
|
VCID-apr8-aeke-nbdr
Aliases: CVE-2023-38060 |
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-01T15:22:56.669423+00:00 | Debian Importer | Affected by | VCID-apr8-aeke-nbdr | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-07-01T15:13:15.024880+00:00 | Debian Importer | Affected by | VCID-6bn2-cftr-wye3 | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |