Vulnerabilities (CVE)

Filtered by vendor Ledgersmb Subscribe

Filtered by product Ledgersmb

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-3694	2 Debian, Ledgersmb	2 Debian Linux, Ledgersmb	2021-08-27	6.8 MEDIUM	9.6 CRITICAL
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
CVE-2021-3693	2 Debian, Ledgersmb	2 Debian Linux, Ledgersmb	2021-08-27	6.8 MEDIUM	9.6 CRITICAL
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
CVE-2018-9246	2 Ledgersmb, Pgobject-util-dbadmin Project	2 Ledgersmb, Pgobject-util-dbadmin	2018-08-01	7.5 HIGH	9.8 CRITICAL
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.