Bugs fixes in "ledgersmb"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2024-23831 | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker | 2025-07-17 |
| CVE | CVE-2021-3882 | LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a rev | 2025-07-17 |
| CVE | CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, thi | 2025-07-17 |
| CVE | CVE-2024-23831 | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker | 2025-07-17 |
| CVE | CVE-2021-3882 | LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a rev | 2025-07-17 |
| CVE | CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, thi | 2025-07-17 |
| CVE | CVE-2024-23831 | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker | 2025-07-17 |
| CVE | CVE-2021-3882 | LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a rev | 2025-07-17 |
| CVE | CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, thi | 2025-07-17 |
| CVE | CVE-2024-23831 | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker | 2025-07-17 |
| CVE | CVE-2021-3882 | LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a rev | 2025-07-17 |
| CVE | CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, thi | 2025-07-17 |
| CVE | CVE-2024-23831 | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker | 2025-07-17 |
| CVE | CVE-2021-3882 | LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a rev | 2025-07-17 |
| CVE | CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, thi | 2025-07-17 |
| CVE | CVE-2024-23831 | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker | 2025-07-17 |
| CVE | CVE-2021-3882 | LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a rev | 2025-07-17 |
| CVE | CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, thi | 2025-07-17 |
| CVE | CVE-2021-3731 | LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick | 2021-09-29 |
| CVE | CVE-2021-3694 | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this fla | 2021-09-29 |
About
-
Send Feedback to @ubuntu_updates
