All the vulnerabilities related to gnu - mailman
Vulnerability from fkie_nvd
Published
2004-02-17 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "12663F37-D788-42D4-A7C3-27AF6940F67A", "versionEndIncluding": "2.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el scritp de creaci\u00f3n de CGI en Mailman anteriores a 2.1.3 permite a atacantes remotos robar cookies de otros usuarios." } ], "id": "CVE-2003-0992", "lastModified": "2024-11-20T23:46:06.047", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-17T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" }, { "source": "cve@mitre.org", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-23 16:29
Modified
2024-11-21 04:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
redhat | enterprise_linux_desktop | 6.0 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.4 | |
redhat | enterprise_linux_server_aus | 7.6 | |
redhat | enterprise_linux_server_eus | 7.4 | |
redhat | enterprise_linux_server_eus | 7.5 | |
redhat | enterprise_linux_server_eus | 7.6 | |
redhat | enterprise_linux_server_tus | 7.4 | |
redhat | enterprise_linux_server_tus | 7.6 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACCBB818-C823-443C-BEB2-1AF32AD078A8", "versionEndExcluding": "2.1.26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL." }, { "lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz de usuario web en Mailman en versiones anteriores a la 2.1.26 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante una URL user-options." 
} ], "id": "CVE-2018-5950", "lastModified": "2024-11-21T04:09:44.107", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-23T16:29:01.647", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104594" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0504" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0505" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1747209" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3563-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4108" }, { "source": "cve@mitre.org", "url": "https://www.mail-archive.com/mailman-users%40python.org/msg70375.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104594" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0504" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:0505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1747209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3563-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mail-archive.com/mailman-users%40python.org/msg70375.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-12-02 03:15
Modified
2024-11-21 06:30
Severity ?
Summary
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugs.launchpad.net/mailman/+bug/1952384 | Issue Tracking, Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mailman/+bug/1952384 | Issue Tracking, Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "C85A76A2-A902-4C77-8DF0-132BF1C0765A", "versionEndExcluding": "2.1.38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes." }, { "lang": "es", "value": "En GNU Mailman versiones anteriores a 2.1.38, un miembro o moderador de la lista puede conseguir un token de tipo CSRF y dise\u00f1ar una petici\u00f3n de administraci\u00f3n (usando ese token) para establecer una nueva contrase\u00f1a de administrador o hacer otros cambios" } ], "id": "CVE-2021-44227", "lastModified": "2024-11-21T06:30:37.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-12-02T03:15:06.797", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1952384" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1952384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-06 00:04
Modified
2024-11-21 00:12
Severity ?
Summary
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "9D3AFFFD-1BDC-4511-9DA0-56ACD337F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "45C53260-503F-4934-B1FE-9FACD8E0EE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "C670F583-6B60-4D80-A75F-CD53FDDF27D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A34CBFC5-CB18-4FE4-9B4D-F3280CBCCD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "CA788EB3-E162-4752-984D-5601A8C6C770", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E2571330-3239-469E-883D-8994257D0C55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*", "matchCriteriaId": "085C333C-E2E7-4ACD-9CC8-C37C67725954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving \"standards-breaking RFC 2231 formatted 
headers\"." }, { "lang": "es", "value": "Mailman anterior a 2.1.9rc1 permite a un atacante remoto provocar denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados que envuelven \"cabeceras formadas de est\u00e1ndar-rotos RFC 2231\"." } ], "id": "CVE-2006-2941", "lastModified": "2024-11-21T00:12:27.187", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-06T00:04:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21732" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21792" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21837" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21879" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22011" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22020" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22639" }, { "source": 
"secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1016808" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/19831" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-345-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28732" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9912" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21879" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22639" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-345-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9912" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*", "matchCriteriaId": "085C333C-E2E7-4ACD-9CC8-C37C67725954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server." }, { "lang": "es", "value": "Mailman anteriores a 2.1.5 permiten a atacantes remotos obtener contrase\u00f1as de usuario mediante peticiones de correo electronico especialmente elaboradas." 
} ], "id": "CVE-2004-0412", "lastModified": "2024-11-20T23:48:32.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "source": "cve@mitre.org", "url": "http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109034869927955\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/11701" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200406-04.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10412" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16256" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109034869927955\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/11701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200406-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16256" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-09-15 20:00
Modified
2024-11-21 01:18
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1.1 | |
gnu | mailman | 2.1.2 | |
gnu | mailman | 2.1.3 | |
gnu | mailman | 2.1.4 | |
gnu | mailman | 2.1.5 | |
gnu | mailman | 2.1.6 | |
gnu | mailman | 2.1.7 | |
gnu | mailman | 2.1.8 | |
gnu | mailman | 2.1.9 | |
gnu | mailman | 2.1.10 | |
gnu | mailman | 2.1.11 | |
gnu | mailman | 2.1.11 | |
gnu | mailman | 2.1.11 | |
gnu | mailman | 2.1.12 | |
gnu | mailman | 2.1.13 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF7A1DA0-2063-4757-8CDA-A7308F14045B", "versionEndIncluding": "2.1.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "33DA97C8-532B-442C-94B4-69D10A81EDA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:beta:*:*:*:*:*:*", "matchCriteriaId": "F9908375-B974-4238-B839-0E548A92DCDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:stable:*:*:*:*:*:*", "matchCriteriaId": "4738B8CB-AE25-4491-8C6F-BBCA47F72D19", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "45C53260-503F-4934-B1FE-9FACD8E0EE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A34CBFC5-CB18-4FE4-9B4D-F3280CBCCD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "CA788EB3-E162-4752-984D-5601A8C6C770", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E2571330-3239-469E-883D-8994257D0C55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": 
"5F27323B-6B10-4941-B20B-187562797D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "890FEDE2-474A-4870-9165-CAD39BC6D318", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "A1C7EEDB-5794-419A-8E61-137DB76A4E15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "C1FC55D7-3857-4614-82FC-5266A3BD8FE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "A64FECFD-F6BF-49C1-926C-41868787378C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5F7A3B58-4038-41AE-A42E-BE743A14D5A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "E3D1CC02-7D5F-41CB-A881-A82A13CE9EE5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en GNU Mailman anterior a v2.1.14rc1 permite a los usuarios remotos autenticados inyectar c\u00f3digo web o HTML a su elecci\u00f3n a trav\u00e9s de vectores involucrados (1) el campo de informaci\u00f3n de la lista o (2) el campo de descripci\u00f3n de la lista." 
} ], "id": "CVE-2010-3089", "lastModified": "2024-11-21T01:18:00.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-09-15T20:00:02.103", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html" }, { "source": "secalert@redhat.com", "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html" }, { "source": "secalert@redhat.com", "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security\u0026m=128438736513097\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security\u0026m=128440851513718\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security\u0026m=128441135117819\u0026w=2" }, { "source": "secalert@redhat.com", "url": 
"http://marc.info/?l=oss-security\u0026m=128441237618793\u0026w=2" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=oss-security\u0026m=128441369020123\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41265" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/42502" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43294" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43425" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43549" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43580" }, { "source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT4581" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2170" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1069-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/3271" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0436" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0460" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0542" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631859" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631881" }, { "source": "secalert@redhat.com", "url": "https://launchpad.net/mailman/+milestone/2.1.14rc1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=128438736513097\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=128440851513718\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=128441135117819\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=128441237618793\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=128441369020123\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/41265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43425" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/43549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1069-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/3271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0542" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631859" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://launchpad.net/mailman/+milestone/2.1.14rc1" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-09-05 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1FA86F3-4C9D-4B7B-A183-7187BF453744", "versionEndIncluding": "2.0.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication." } ], "id": "CVE-2001-1132", "lastModified": "2024-11-20T23:36:57.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-09-05T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000420" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/5455" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000420" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/5455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7091" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-21 01:15
Modified
2024-11-21 06:27
Severity ?
Summary
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/10/21/4 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://bugs.launchpad.net/mailman/+bug/1947640 | Patch, Third Party Advisory | |
cve@mitre.org | https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/ | ||
cve@mitre.org | https://www.debian.org/security/2021/dsa-4991 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/10/21/4 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mailman/+bug/1947640 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4991 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDD63075-218B-47B2-9E0B-FE13FAEDEDAB", "versionEndExcluding": "2.1.35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover)." }, { "lang": "es", "value": "GNU Mailman versiones anteriores a 2.1.35, puede permitir una escalada de privilegios remota. Un valor csrf_token no es espec\u00edfico de una sola cuenta de usuario. 
Un atacante puede obtener un valor dentro del contexto de una cuenta de usuario sin privilegios, y luego usar ese valor en un ataque de tipo CSRF contra un administrador (por ejemplo, para la toma de posesi\u00f3n de la cuenta)" } ], "id": "CVE-2021-42097", "lastModified": "2024-11-21T06:27:15.187", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-21T01:15:06.940", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1947640" }, { "source": "cve@mitre.org", "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4991" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1947640" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-02-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2119A71-0B5A-47F5-9935-B1D71D5A1295", "versionEndIncluding": "2.1.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mailman anteriores a 2.1.4 permite a atacantes remotos robar cookies de sesi\u00f3n y llevar a cabo actividades no autorizadas." } ], "id": "CVE-2003-0965", "lastModified": "2024-11-20T23:45:58.190", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-02-17T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/10519" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-436" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" }, { "source": 
"cve@mitre.org", "url": "http://www.osvdb.org/3305" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9336" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14121" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/10519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/3305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14121" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-06-01 04:00
Modified
2024-11-20 23:47
Severity ?
Summary
Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc | Patch, Vendor Advisory | |
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-156.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-156.html | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "764628A5-3961-43E9-92B4-EE6054EA6E90", "versionEndIncluding": "2.0.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field." } ], "id": "CVE-2004-0182", "lastModified": "2024-11-20T23:47:57.057", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-06-01T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-156.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-156.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-26 17:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CCD00F8-83D2-4F95-B5D5-BB0C52D0810F", "versionEndIncluding": "2.1.26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad Cross-Site Scripting (XSS) en Mailman 2.1.26 y anteriores permite que los atacantes autenticados inyecten scripts web o HTML arbitrarios utilizando vectores no especificados." 
} ], "id": "CVE-2018-0618", "lastModified": "2024-11-21T03:38:35.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-26T17:29:00.630", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory" ], "url": "http://jvn.jp/en/jp/JVN00846677/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Mailing List" ], "url": "https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201904-10" }, { "source": "vultures@jpcert.or.jp", "url": "https://usn.ubuntu.com/4348-1/" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4246" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://jvn.jp/en/jp/JVN00846677/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201904-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4348-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4246" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-12-21 05:00
Modified
2024-11-20 23:36
Severity ?
Summary
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "60AD053B-1E35-4AB6-BCCC-96D571C11B37", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D04755F-8B82-4951-93D7-B81792387610", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C92A998E-585A-4D66-B985-0C5401CFF2F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E237A77D-A80A-4ED7-AA07-0AB765D54F7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BE92813-4FDE-4358-9769-E17D89BA76CC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en el archivador de correo electr\u00f3nico Mailman permite a atacantes ganar informaci\u00f3n sensible o credenciales de autenticaci\u00f3n mediante un enlace malicioso que es accedido por otros usuarios web." 
} ], "id": "CVE-2001-0884", "lastModified": "2024-11-20T23:36:21.457", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2001-12-21T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2001-168.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2001-169.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2001-170.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/advisories/3721" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/242839" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3602" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2001-168.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2001-169.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2001-170.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/advisories/3721" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/242839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3602" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7617" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-19 21:07
Modified
2024-11-21 00:10
Severity ?
Summary
Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "42856677-9290-4B21-AE1F-0F217B0D80AC", "versionEndIncluding": "2.1.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "security@debian.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is \"unexploitable." }, { "lang": "es", "value": "** IMPUGNADO ** Vulnerabilidad de cadena de formato en Mailman anterior a 2.1.9 permite a atacantes ejecutar c\u00f3digo de su elecci\u00f3n v\u00eda vectores no especificados. NOTA: el vendedor ha impugnado esta vulnerabilidad, estableciendo que es \"inexplotable\"." } ], "id": "CVE-2006-2191", "lastModified": "2024-11-21T00:10:45.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-19T21:07:00.000", "references": [ { "source": "security@debian.org", "tags": [ "Patch" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "source": "security@debian.org", "url": "http://people.debian.org/~terpstra/message/20060906.155339.0c0732a4.en.html" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/21732" }, { "source": "security@debian.org", "url": 
"http://secunia.com/advisories/22639" }, { "source": "security@debian.org", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://people.debian.org/~terpstra/message/20060906.155339.0c0732a4.en.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22639" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | 2.1.5 | |
ubuntu | ubuntu_linux | 4.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "45C53260-503F-4934-B1FE-9FACD8E0EE66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "C62EF915-CA7C-4D75-BC67-E015772BB9CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address." } ], "id": "CVE-2005-0080", "lastModified": "2024-11-20T23:54:22.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://qa.debian.org/bts-security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://qa.debian.org/bts-security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | 1.0 | |
gnu | mailman | 1.1 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0.1 | |
gnu | mailman | 2.0.2 | |
gnu | mailman | 2.0.3 | |
gnu | mailman | 2.0.4 | |
gnu | mailman | 2.0.5 | |
gnu | mailman | 2.0.6 | |
gnu | mailman | 2.0.7 | |
gnu | mailman | 2.0.8 | |
gnu | mailman | 2.0.9 | |
gnu | mailman | 2.0.10 | |
gnu | mailman | 2.0.11 | |
gnu | mailman | 2.0.12 | |
gnu | mailman | 2.0.13 | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1.1 | |
gnu | mailman | 2.1.2 | |
gnu | mailman | 2.1.3 | |
gnu | mailman | 2.1.4 | |
gnu | mailman | 2.1b1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "46CF8999-445E-4E03-89F1-81669F9F93D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D965E3E-E08C-40EA-AF66-470F473F0262", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "64179C1D-C96F-431F-AD80-CBCA77CB9E53", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "EC6B30F6-70A8-43C7-BA5C-6DD8A6ED829D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "767101D3-ABB0-4D34-AA28-75F78A392F39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "BEB60D06-E9D0-4949-8542-334D180F491D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F884774-D1A1-42A6-A3FE-9B0500725666", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C56B981-FD66-46F2-806A-3FFDEC520482", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E3E1994-6CAC-48E9-8438-0D894A76FE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DB8742B0-A91D-457D-BF57-06AFC5219BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F04EDBE-4B04-4B4C-A2BE-5286AC7C8952", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "615566E3-9EBD-49B3-9727-0883D3F0334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F59D0CCF-3CD0-4D99-B1F1-38F331422801", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "FADF5CE8-D072-4CFE-8A96-BA86187B478B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72278005-5F2A-4459-8813-DF7EC2D1F063", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4E39A909-E266-4BA9-87C6-DE26052433E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "ABA16FD9-0625-4D3D-9F10-130A28C88DA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "EE33EFBF-E155-4C3B-93CC-63AA1266A8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "78F2FB70-7EB9-4AA7-9E85-C151C3CC8104", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*", "matchCriteriaId": "085C333C-E2E7-4ACD-9CC8-C37C67725954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page." 
} ], "id": "CVE-2004-1177", "lastModified": "2024-11-20T23:50:17.110", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-10T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/13603" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-674" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:015" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-235.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18854" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/13603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2005/dsa-674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-235.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11113" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue did not affect the versions of mailman shipped with Red Hat Enterprise Linux 2.1, 3, or 4. In addition, we believe this issue does not apply to the 2.0.x versions of\nmailman due to setting of STEALTH_MODE\n\n", "lastModified": "2006-08-30T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-09-02 14:59
Modified
2024-11-21 02:57
Severity ?
Summary
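Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. Note: the impacted-products list for this record also marks 2.1.23 as vulnerable, which does not match "before 2.1.23"; confirm the fixed release against the referenced advisories before relying on either value.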
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | 2.1 | |
gnu | mailman | 2.1.1 | |
gnu | mailman | 2.1.2 | |
gnu | mailman | 2.1.3 | |
gnu | mailman | 2.1.4 | |
gnu | mailman | 2.1.5 | |
gnu | mailman | 2.1.6 | |
gnu | mailman | 2.1.8 | |
gnu | mailman | 2.1.9 | |
gnu | mailman | 2.1.10 | |
gnu | mailman | 2.1.10 | |
gnu | mailman | 2.1.10b1 | |
gnu | mailman | 2.1.10b3 | |
gnu | mailman | 2.1.10b4 | |
gnu | mailman | 2.1.11 | |
gnu | mailman | 2.1.11 | |
gnu | mailman | 2.1.11 | |
gnu | mailman | 2.1.12 | |
gnu | mailman | 2.1.12 | |
gnu | mailman | 2.1.12 | |
gnu | mailman | 2.1.13 | |
gnu | mailman | 2.1.13 | |
gnu | mailman | 2.1.14 | |
gnu | mailman | 2.1.14 | |
gnu | mailman | 2.1.14-1 | |
gnu | mailman | 2.1.15 | |
gnu | mailman | 2.1.15 | |
gnu | mailman | 2.1.16 | |
gnu | mailman | 2.1.16 | |
gnu | mailman | 2.1.16 | |
gnu | mailman | 2.1.16 | |
gnu | mailman | 2.1.17 | |
gnu | mailman | 2.1.18 | |
gnu | mailman | 2.1.18 | |
gnu | mailman | 2.1.18 | |
gnu | mailman | 2.1.18 | |
gnu | mailman | 2.1.18-1 | |
gnu | mailman | 2.1.19 | |
gnu | mailman | 2.1.19 | |
gnu | mailman | 2.1.19 | |
gnu | mailman | 2.1.19 | |
gnu | mailman | 2.1.20 | |
gnu | mailman | 2.1.21 | |
gnu | mailman | 2.1.21 | |
gnu | mailman | 2.1.22 | |
gnu | mailman | 2.1.23 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "45C53260-503F-4934-B1FE-9FACD8E0EE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A34CBFC5-CB18-4FE4-9B4D-F3280CBCCD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E2571330-3239-469E-883D-8994257D0C55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "5F27323B-6B10-4941-B20B-187562797D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "890FEDE2-474A-4870-9165-CAD39BC6D318", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "D4FFE8F2-B665-41F1-B4C5-E7C66BE91E24", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.10b1:*:*:*:*:*:*:*", "matchCriteriaId": "8C08F313-30E9-4B9E-BA5A-4910DD5E155C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.10b3:*:*:*:*:*:*:*", "matchCriteriaId": "D9B09DFC-A238-49CA-9DB8-F4052775BF3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.10b4:*:*:*:*:*:*:*", "matchCriteriaId": "C219D531-3E3A-4B85-B3A6-8A4335E86AB7", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "A1C7EEDB-5794-419A-8E61-137DB76A4E15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "C1FC55D7-3857-4614-82FC-5266A3BD8FE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "A64FECFD-F6BF-49C1-926C-41868787378C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5F7A3B58-4038-41AE-A42E-BE743A14D5A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "2C3215CB-7146-49D3-B350-A07E0C9FB04D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "800F3CE3-CEE2-4C63-B0DD-F9F72E9F1B71", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "2019E834-DFF4-4C9A-82D1-E768EA8934EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "E3D1CC02-7D5F-41CB-A881-A82A13CE9EE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "11010D5F-AA02-45EC-B007-47BF9194250B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "A677EC3D-A08A-44B8-B7E1-F229F515F407", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.14-1:*:*:*:*:*:*:*", "matchCriteriaId": "876E65AB-6D2E-41C2-899E-7D5EE176F877", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "7985A5B3-0473-426D-9F8D-63B81C7D1177", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "6B211D97-5316-4EB1-999D-26C53708F200", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "F6AC4D1E-B92F-400A-8B73-CB99E5825A05", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "5BB702F4-324D-4B87-9590-22CD2465A708", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.16:rc2:*:*:*:*:*:*", "matchCriteriaId": "47B47F16-4E68-4DB2-9C61-DBABB75C7A99", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.16:rc3:*:*:*:*:*:*", "matchCriteriaId": "11931F41-6B65-4C1B-9A82-8F89F093E9AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "59A972C3-06C4-4DED-825C-B1931B35E135", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "6BB3C5C8-98AC-4BC3-A06E-6F2920CA951B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.18:rc1:*:*:*:*:*:*", "matchCriteriaId": "1C3BC472-4428-4786-A3AA-390C66553DC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.18:rc2:*:*:*:*:*:*", "matchCriteriaId": "69B95EB8-6D8B-4342-A6A8-472BF1190A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.18:rc3:*:*:*:*:*:*", "matchCriteriaId": "011CD4BF-FE51-40A7-B457-884DDF3C7FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.18-1:*:*:*:*:*:*:*", "matchCriteriaId": "9C2DA8DD-77C1-44A0-9A49-FB1CEE26CB1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "68C51AFA-3C45-48A2-8ADC-514BF5374413", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "BF11D5FD-FCD5-4147-876C-09980D05152C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "503671C5-1F2A-4676-8D58-86C2D01405E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "5154BCB6-2216-433E-BC77-B862490545F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "E73970DC-7F70-437E-A669-B0EE6F4629AF", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "13081A16-D625-4AD1-9493-AFA5126269C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.21:rc2:*:*:*:*:*:*", "matchCriteriaId": "F6F40EE5-9E50-4703-9151-4640B11C78A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "51028759-33CD-4C80-A534-B46E62C03F4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "683F421B-C986-4572-9612-1635AF7DD084", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim\u0027s account." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en la p\u00e1gina de opciones de usuario en GNU Mailman 2.1.x en versiones anteriores a 2.1.23 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para peticiones que modifican una opci\u00f3n, tal como se demuestra ganando acceso a las credenciales de una cuenta de una v\u00edctima." 
} ], "id": "CVE-2016-6893", "lastModified": "2024-11-21T02:57:02.453", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-09-02T14:59:09.283", "references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2016/dsa-3668" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92731" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036728" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://bugs.launchpad.net/bugs/1614841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3668" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036728" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": 
"https://bugs.launchpad.net/bugs/1614841" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-12 21:15
Modified
2024-11-21 06:29
Severity ?
Summary
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugs.launchpad.net/mailman/+bug/1949401 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mailman/+bug/1949401 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "F89F98F5-261E-40A0-A593-CA3E3D24A2D0", "versionEndExcluding": "2.1.36", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS." }, { "lang": "es", "value": "En GNU Mailman versiones anteriores a 2.1.36, una URL dise\u00f1ada para la p\u00e1gina de opciones de usuario Cgi/options.py puede ejecutar JavaScript arbitrario para XSS" } ], "id": "CVE-2021-43331", "lastModified": "2024-11-21T06:29:05.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] 
}, "published": "2021-11-12T21:15:07.853", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1949401" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" }, { "source": "cve@mitre.org", "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1949401" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-10-20 04:00
Modified
2024-11-20 23:33
Severity ?
Summary
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "EC6B30F6-70A8-43C7-BA5C-6DD8A6ED829D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "767101D3-ABB0-4D34-AA28-75F78A392F39", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FFDAB801-AAA0-4B3B-B488-52E7BA8650C5", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "612AC3B1-8E55-437F-9600-67EA1A8BAD48", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "537A5C29-D770-4755-A6AB-8916754E14DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC05A9-04DA-4ED3-94D8-3254384CB724", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "B133DAC8-2B0D-4F83-9025-AD071740187A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges." 
} ], "id": "CVE-2000-0701", "lastModified": "2024-11-20T23:33:05.827", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-10-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2000-030.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/73220" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1539" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000802105050.A11733%40rak.isternet.sk" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2000-030.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/73220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1539" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000802105050.A11733%40rak.isternet.sk" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-02-22 19:00
Modified
2024-11-21 01:24
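Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, from the NVD metrics in this record)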
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
gnu | mailman | 1.0 | |
gnu | mailman | 1.1 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0.1 | |
gnu | mailman | 2.0.2 | |
gnu | mailman | 2.0.3 | |
gnu | mailman | 2.0.4 | |
gnu | mailman | 2.0.5 | |
gnu | mailman | 2.0.6 | |
gnu | mailman | 2.0.7 | |
gnu | mailman | 2.0.8 | |
gnu | mailman | 2.0.9 | |
gnu | mailman | 2.0.10 | |
gnu | mailman | 2.0.11 | |
gnu | mailman | 2.0.12 | |
gnu | mailman | 2.0.13 | |
gnu | mailman | 2.0.14 | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1.1 | |
gnu | mailman | 2.1.1 | |
gnu | mailman | 2.1.2 | |
gnu | mailman | 2.1.3 | |
gnu | mailman | 2.1.4 | |
gnu | mailman | 2.1.5 | |
gnu | mailman | 2.1.5.8 | |
gnu | mailman | 2.1.6 | |
gnu | mailman | 2.1.7 | |
gnu | mailman | 2.1.8 | |
gnu | mailman | 2.1.9 | |
gnu | mailman | 2.1.10 | |
gnu | mailman | 2.1.11 | |
gnu | mailman | 2.1.11 | |
gnu | mailman | 2.1.11 | |
gnu | mailman | 2.1.12 | |
gnu | mailman | 2.1.13 | |
gnu | mailman | 2.1.13 | |
gnu | mailman | 2.1.14 | |
gnu | mailman | 2.1b1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7400C28-5080-48B9-A2B8-30187FA7ADBF", "versionEndIncluding": "2.1.14", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "46CF8999-445E-4E03-89F1-81669F9F93D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D965E3E-E08C-40EA-AF66-470F473F0262", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "64179C1D-C96F-431F-AD80-CBCA77CB9E53", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "EC6B30F6-70A8-43C7-BA5C-6DD8A6ED829D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "767101D3-ABB0-4D34-AA28-75F78A392F39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "BEB60D06-E9D0-4949-8542-334D180F491D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F884774-D1A1-42A6-A3FE-9B0500725666", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C56B981-FD66-46F2-806A-3FFDEC520482", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E3E1994-6CAC-48E9-8438-0D894A76FE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DB8742B0-A91D-457D-BF57-06AFC5219BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F04EDBE-4B04-4B4C-A2BE-5286AC7C8952", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "615566E3-9EBD-49B3-9727-0883D3F0334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"F59D0CCF-3CD0-4D99-B1F1-38F331422801", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "FADF5CE8-D072-4CFE-8A96-BA86187B478B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72278005-5F2A-4459-8813-DF7EC2D1F063", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4E39A909-E266-4BA9-87C6-DE26052433E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "ABA16FD9-0625-4D3D-9F10-130A28C88DA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "EE33EFBF-E155-4C3B-93CC-63AA1266A8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "78F2FB70-7EB9-4AA7-9E85-C151C3CC8104", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "47F9AC7B-C0EB-4B7F-8997-1491301D0EF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "33DA97C8-532B-442C-94B4-69D10A81EDA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:beta:*:*:*:*:*:*", "matchCriteriaId": "F9908375-B974-4238-B839-0E548A92DCDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:stable:*:*:*:*:*:*", "matchCriteriaId": "4738B8CB-AE25-4491-8C6F-BBCA47F72D19", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "9D3AFFFD-1BDC-4511-9DA0-56ACD337F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "45C53260-503F-4934-B1FE-9FACD8E0EE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "C670F583-6B60-4D80-A75F-CD53FDDF27D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A34CBFC5-CB18-4FE4-9B4D-F3280CBCCD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "CA788EB3-E162-4752-984D-5601A8C6C770", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E2571330-3239-469E-883D-8994257D0C55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "5F27323B-6B10-4941-B20B-187562797D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "890FEDE2-474A-4870-9165-CAD39BC6D318", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "A1C7EEDB-5794-419A-8E61-137DB76A4E15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "C1FC55D7-3857-4614-82FC-5266A3BD8FE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "A64FECFD-F6BF-49C1-926C-41868787378C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5F7A3B58-4038-41AE-A42E-BE743A14D5A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.13:*:*:*:*:*:*:*", "matchCriteriaId": 
"2019E834-DFF4-4C9A-82D1-E768EA8934EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "E3D1CC02-7D5F-41CB-A881-A82A13CE9EE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "A677EC3D-A08A-44B8-B7E1-F229F515F407", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*", "matchCriteriaId": "085C333C-E2E7-4ACD-9CC8-C37C67725954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados(XSS) en CGI/confirm.py en GNU Mailman v2.1.14 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo (1) nombre completo o (2) nombre de usuario en un mensaje de confirmaci\u00f3n." 
} ], "id": "CVE-2011-0707", "lastModified": "2024-11-21T01:24:39.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-02-22T19:00:02.287", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html" }, { "source": "secalert@redhat.com", "url": "http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/70936" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43294" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/43389" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43425" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43549" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43580" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/43829" }, { "source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT5002" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2170" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:036" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/46464" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1025106" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1069-1" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0435" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0436" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0460" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0487" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0542" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/0720" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/70936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43294" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43389" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43425" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43549" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5002" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46464" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1025106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1069-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0435" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0487" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0542" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0720" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65538" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-06-18 04:00
Modified
2024-11-20 23:38
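Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, from the NVD metrics in this record)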
Summary
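Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. Note: the CPE match in this record sets versionEndIncluding to 2.0.11, which marks 2.0.11 itself as affected although the description says "before 2.0.11"; check the installed version against the vendor announcement listed in the references rather than relying on the CPE range alone.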
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DBFAF02-AB05-4823-9FF5-A0ED8D08CC10", "versionEndIncluding": "2.0.11", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries." } ], "id": "CVE-2002-0388", "lastModified": "2024-11-20T23:38:57.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-06-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4826" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-11-12 21:15
Modified
2024-11-21 06:29
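Severity: MEDIUM (CVSS v3.1 base score 6.5, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N; CVSS v2.0 base score 4.0, vector AV:N/AC:L/Au:S/C:P/I:N/A:N, from the NVD metrics in this record)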
Summary
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugs.launchpad.net/mailman/+bug/1949403 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mailman/+bug/1949403 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "F89F98F5-261E-40A0-A593-CA3E3D24A2D0", "versionEndExcluding": "2.1.36", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack." }, { "lang": "es", "value": "En GNU Mailman versiones anteriores a 2.1.36, el token CSRF para la p\u00e1gina Cgi/admindb.py admindb contiene una versi\u00f3n encriptada de la contrase\u00f1a del administrador de la lista. Esto podr\u00eda ser potencialmente descifrado por un moderador por medio de un ataque de fuerza bruta fuera de l\u00ednea" } ], "id": "CVE-2021-43332", "lastModified": "2024-11-21T06:29:06.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", 
"privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-11-12T21:15:07.950", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1949403" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" }, { "source": "cve@mitre.org", "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1949403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-522" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-12-29 11:55
Modified
2024-11-21 01:33
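Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N, from the NVD metrics in this record)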
Summary
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://sitewat.ch/Advisory/View/3 | URL Repurposed | |
af854a3a-2127-422b-91ae-364da2661108 | https://sitewat.ch/Advisory/View/3 | URL Repurposed |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "78F2FB70-7EB9-4AA7-9E85-C151C3CC8104", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A34CBFC5-CB18-4FE4-9B4D-F3280CBCCD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "CA788EB3-E162-4752-984D-5601A8C6C770", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E2571330-3239-469E-883D-8994257D0C55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "5F27323B-6B10-4941-B20B-187562797D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "890FEDE2-474A-4870-9165-CAD39BC6D318", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "A1C7EEDB-5794-419A-8E61-137DB76A4E15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "5F7A3B58-4038-41AE-A42E-BE743A14D5A2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting 
(XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter." }, { "lang": "es", "value": "Varias vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en mmsearch/dise\u00f1o en el Mailman/htdig parche de integraci\u00f3n de Mailman permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro de configuraci\u00f3n." } ], "id": "CVE-2011-5024", "lastModified": "2024-11-21T01:33:26.703", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-12-29T11:55:10.093", "references": [ { "source": "cve@mitre.org", "tags": [ "URL Repurposed" ], "url": "https://sitewat.ch/Advisory/View/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "URL Repurposed" ], "url": "https://sitewat.ch/Advisory/View/3" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
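Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, from the NVD metrics in this record)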
Summary
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "45C53260-503F-4934-B1FE-9FACD8E0EE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*", "matchCriteriaId": "085C333C-E2E7-4ACD-9CC8-C37C67725954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via \".../....///\" sequences, which are not properly cleansed by regular expressions that are intended to remove \"../\" and \"./\" sequences." 
} ], "id": "CVE-2005-0202", "lastModified": "2024-11-20T23:54:37.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110805795122386\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/14211" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013145" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-674" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-11.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:037" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-136.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-137.html" }, { "source": "cve@mitre.org", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110805795122386\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/14211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1013145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-674" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-11.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-136.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-137.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10657" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2000-11-14 05:00
Modified
2024-11-20 23:33
Severity ?
Summary
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html | Patch, Vendor Advisory | |
cve@mitre.org | http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/1667 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/5493 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/1667 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/5493 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D965E3E-E08C-40EA-AF66-470F473F0262", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion." } ], "id": "CVE-2000-0861", "lastModified": "2024-11-20T23:33:26.543", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2000-11-14T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1667" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/1667" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5493" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-16 07:42
Modified
2024-11-21 00:02
Severity ?
Summary
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0.1 | |
gnu | mailman | 2.0.2 | |
gnu | mailman | 2.0.3 | |
gnu | mailman | 2.0.4 | |
gnu | mailman | 2.0.5 | |
gnu | mailman | 2.0.6 | |
gnu | mailman | 2.0.7 | |
gnu | mailman | 2.0.8 | |
gnu | mailman | 2.0.9 | |
gnu | mailman | 2.0.10 | |
gnu | mailman | 2.0.11 | |
gnu | mailman | 2.0.12 | |
gnu | mailman | 2.0.13 | |
gnu | mailman | 2.0.14 | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1.1 | |
gnu | mailman | 2.1.2 | |
gnu | mailman | 2.1.3 | |
gnu | mailman | 2.1.4 | |
gnu | mailman | 2.1.5 | |
gnu | mailman | 2.1.5.8 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "EC6B30F6-70A8-43C7-BA5C-6DD8A6ED829D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "767101D3-ABB0-4D34-AA28-75F78A392F39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "BEB60D06-E9D0-4949-8542-334D180F491D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F884774-D1A1-42A6-A3FE-9B0500725666", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C56B981-FD66-46F2-806A-3FFDEC520482", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E3E1994-6CAC-48E9-8438-0D894A76FE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DB8742B0-A91D-457D-BF57-06AFC5219BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F04EDBE-4B04-4B4C-A2BE-5286AC7C8952", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "615566E3-9EBD-49B3-9727-0883D3F0334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F59D0CCF-3CD0-4D99-B1F1-38F331422801", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "FADF5CE8-D072-4CFE-8A96-BA86187B478B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72278005-5F2A-4459-8813-DF7EC2D1F063", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4E39A909-E266-4BA9-87C6-DE26052433E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "ABA16FD9-0625-4D3D-9F10-130A28C88DA2", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "EE33EFBF-E155-4C3B-93CC-63AA1266A8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "78F2FB70-7EB9-4AA7-9E85-C151C3CC8104", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "47F9AC7B-C0EB-4B7F-8997-1491301D0EF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "9D3AFFFD-1BDC-4511-9DA0-56ACD337F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "45C53260-503F-4934-B1FE-9FACD8E0EE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "C670F583-6B60-4D80-A75F-CD53FDDF27D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash)." 
} ], "id": "CVE-2005-3573", "lastModified": "2024-11-21T00:02:12.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-16T07:42:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" }, { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732" }, { "source": "cve@mitre.org", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html" }, { "source": "cve@mitre.org", "url": "http://mail.python.org/pipermail/mailman-users/2005-September/046523.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17511" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17874" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18456" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18503" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18612" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19167" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19196" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19532" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015735" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-955" }, { "source": "cve@mitre.org", "url": 
"http://www.osvdb.org/20819" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15408" }, { "source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2006/0012/" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-242-1" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2404" }, { "source": "cve@mitre.org", "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.python.org/pipermail/mailman-users/2005-September/046523.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18503" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19167" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20819" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2006/0012/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-242-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2404" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-04-24 13:15
Modified
2024-11-21 04:59
Severity ?
Summary
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
debian | debian_linux | 8.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
opensuse | backports_sle | 15.0 | |
opensuse | leap | 15.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAEA26EA-3266-4B64-9B44-F554EA2944E8", "versionEndExcluding": "2.1.30", "versionStartIncluding": "2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": 
[], "descriptions": [ { "lang": "en", "value": "GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code." }, { "lang": "es", "value": "GNU Mailman versiones 2.x anteriores a la versi\u00f3n 2.1.30, usa una extensi\u00f3n .obj para partes MIME de application/octet-stream. Este comportamiento puede contribuir a ataques de tipo XSS contra visitantes de archivos de lista, porque una respuesta HTTP desde un servidor web de archivo puede carecer de un tipo MIME, y un navegador web puede realizar rastreo del MIME, concluir que el tipo MIME deber\u00eda haber sido text/html, y ejecutar c\u00f3digo JavaScript." } ], "id": "CVE-2020-12137", "lastModified": "2024-11-21T04:59:19.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, 
"impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-04-24T13:15:11.780", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/04/24/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00002.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4COSBBEMJYLV7WSW5QTUJUOFJFK47KK/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4348-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4664" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/02/24/2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/02/24/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/04/24/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4COSBBEMJYLV7WSW5QTUJUOFJFK47KK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4348-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/02/24/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2020/02/24/3" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-09-02 14:59
Modified
2024-11-21 02:57
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "DCB448AB-B4F6-4CAD-AF43-C5D74E014A5C", "versionEndIncluding": "2.1.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators." }, { "lang": "es", "value": "Vulnerabilidad de CSRF en la interfaz web administrativa en GNU Mailman en versiones anteriores a 2.1.15 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores." } ], "id": "CVE-2016-7123", "lastModified": "2024-11-21T02:57:31.390", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-09-02T14:59:10.427", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92732" }, { 
"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1037160" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://bugs.launchpad.net/bugs/1614841" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1037160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugs.launchpad.net/bugs/1614841" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | 1.0 | |
gnu | mailman | 1.1 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0.1 | |
gnu | mailman | 2.0.2 | |
gnu | mailman | 2.0.3 | |
gnu | mailman | 2.0.4 | |
gnu | mailman | 2.0.5 | |
gnu | mailman | 2.0.6 | |
gnu | mailman | 2.0.7 | |
gnu | mailman | 2.0.8 | |
gnu | mailman | 2.0.9 | |
gnu | mailman | 2.0.10 | |
gnu | mailman | 2.0.11 | |
gnu | mailman | 2.0.12 | |
gnu | mailman | 2.0.13 | |
gnu | mailman | 2.1 | |
sgi | propack | 2.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "46CF8999-445E-4E03-89F1-81669F9F93D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D965E3E-E08C-40EA-AF66-470F473F0262", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "64179C1D-C96F-431F-AD80-CBCA77CB9E53", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "EC6B30F6-70A8-43C7-BA5C-6DD8A6ED829D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "767101D3-ABB0-4D34-AA28-75F78A392F39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "BEB60D06-E9D0-4949-8542-334D180F491D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F884774-D1A1-42A6-A3FE-9B0500725666", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C56B981-FD66-46F2-806A-3FFDEC520482", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E3E1994-6CAC-48E9-8438-0D894A76FE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DB8742B0-A91D-457D-BF57-06AFC5219BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F04EDBE-4B04-4B4C-A2BE-5286AC7C8952", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "615566E3-9EBD-49B3-9727-0883D3F0334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F59D0CCF-3CD0-4D99-B1F1-38F331422801", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "FADF5CE8-D072-4CFE-8A96-BA86187B478B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72278005-5F2A-4459-8813-DF7EC2D1F063", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4E39A909-E266-4BA9-87C6-DE26052433E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "ABA16FD9-0625-4D3D-9F10-130A28C88DA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "EE33EFBF-E155-4C3B-93CC-63AA1266A8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "78F2FB70-7EB9-4AA7-9E85-C151C3CC8104", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "26430687-409B-448F-934B-06AB937DDF63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands." }, { "lang": "es", "value": "Vulnerabilidad desconocida en el manejador de instrucciones por correo en Mailman anteriores a 2.0.14 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante instrucciones de correo electr\u00f3nico malformadas." 
} ], "id": "CVE-2003-0991", "lastModified": "2024-11-20T23:46:05.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-436" }, { "source": "cve@mitre.org", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-019.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9620" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Patch", "Vendor Advisory" ], "url": "http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-019.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9620" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15106" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-06 00:04
Modified
2024-11-21 00:14
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "9D3AFFFD-1BDC-4511-9DA0-56ACD337F56C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "45C53260-503F-4934-B1FE-9FACD8E0EE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "C670F583-6B60-4D80-A75F-CD53FDDF27D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A34CBFC5-CB18-4FE4-9B4D-F3280CBCCD6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "CA788EB3-E162-4752-984D-5601A8C6C770", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "E2571330-3239-469E-883D-8994257D0C55", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*", "matchCriteriaId": "085C333C-E2E7-4ACD-9CC8-C37C67725954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified 
vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mailman anterior a 2.1.9rc1 permite a un atacante remoto inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2006-3636", "lastModified": "2024-11-21T00:14:04.987", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-06T00:04:00.000", "references": [ { "source": "secalert@redhat.com", "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "source": "secalert@redhat.com", "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21732" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21792" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/21879" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22011" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22020" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22227" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/22639" }, { "source": "secalert@redhat.com", "url": 
"http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1016808" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2006/dsa-1188" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/19831" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/20021" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-345-1" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/21879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22639" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-345-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-09-05 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "EE33EFBF-E155-4C3B-93CC-63AA1266A8A2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber\u0027s list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en Mailman 2.0.12 permite a atacantes remotos la ejecuci\u00f3n de rutinas como otro usuario mediante las opciones de subscripci\u00f3n de la lista de subscriptores." } ], "id": "CVE-2002-0855", "lastModified": "2024-11-20T23:40:02.297", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-09-05T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000522" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2002/dsa-147" }, { "source": "cve@mitre.org", "tags": [ "Vendor 
Advisory" ], "url": "http://www.iss.net/security_center/static/9985.php" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-176.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-177.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-178.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-181.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5298" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2002/dsa-147" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9985.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-176.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-177.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-178.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-181.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/5298" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": 
[ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-05-03 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "5160E4FB-191C-4BB4-8D9D-DA1A3B33D77E", "versionEndIncluding": "2.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords." } ], "id": "CVE-2001-0290", "lastModified": "2024-11-20T23:35:02.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-05-03T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-06-18 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "60AD053B-1E35-4AB6-BCCC-96D571C11B37", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives." } ], "id": "CVE-2002-0389", "lastModified": "2024-11-20T23:38:57.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-06-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=101902003314968\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/tracker/?func=detail\u0026atid=100103\u0026aid=474616\u0026group_id=103" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/8874.php" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/4538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=101902003314968\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://sourceforge.net/tracker/?func=detail\u0026atid=100103\u0026aid=474616\u0026group_id=103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/8874.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/4538" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat does not intend to take any action on this issue. This is the expected behavior of Mailman and is not considered to be a security flaw by upstream. If Mailman upstream addresses this issue in a future update, we may revisit our decision.", "lastModified": "2016-12-27T21:59:00.243", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-07 19:04
Modified
2024-11-21 00:16
Severity ?
Summary
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "42856677-9290-4B21-AE1F-0F217B0D80AC", "versionEndIncluding": "2.1.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n CRLF en Utils.py de Mailman anterior a 2.1.9rc1 permite a atacantes remotos suplantar mensajes en el log de errores y posiblemente enga\u00f1ar al administrador para que visite URLs maliciosas mediante secuencias CRLF en la URI." } ], "id": "CVE-2006-4624", "lastModified": "2024-11-21T00:16:24.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-09-07T19:04:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "source": "cve@mitre.org", "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21732" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22011" }, { "source": 
"cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22020" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22227" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22639" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27669" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "source": "cve@mitre.org", "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1188" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19831" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20021" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21732" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22020" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22639" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27669" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1188" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/19831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205651\n\nThe Red Hat Security Response Team has rated this issue as having low security impact and expects to release a future update to address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode.\n\nThis bug will be addressed in a future update of Red Hat Enterprise Linux 4.", "lastModified": "2007-09-05T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-04-11 19:06
Modified
2024-11-21 00:09
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "CA788EB3-E162-4752-984D-5601A8C6C770", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument." } ], "id": "CVE-2006-1712", "lastModified": "2024-11-21T00:09:33.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-04-11T19:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=129136" }, { "source": "cve@mitre.org", "url": "http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19558" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015876" }, { "source": "cve@mitre.org", "url": "http://www.mail-archive.com/mailman-checkins%40python.org/msg06273.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/24442" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17403" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1269" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=129136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/19558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1015876" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mail-archive.com/mailman-checkins%40python.org/msg06273.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/1269" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-15 20:16
Modified
2024-11-21 06:10
Severity ?
Summary
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "99971A86-88D5-464B-B972-05EF98C89621", "versionEndExcluding": "3.3.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces." } ], "id": "CVE-2021-34337", "lastModified": "2024-11-21T06:10:11.600", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-15T20:16:00.623", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "https://gitlab.com/mailman/mailman/-/issues/911" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://gitlab.com/mailman/mailman/-/tags" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": 
"https://gitlab.com/mailman/mailman/-/issues/911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://gitlab.com/mailman/mailman/-/tags" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-31 11:06
Modified
2024-11-21 00:05
Severity ?
Summary
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | 1.0 | |
gnu | mailman | 1.1 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 (beta3) | |
gnu | mailman | 2.0 (beta4) | |
gnu | mailman | 2.0 (beta5) | |
gnu | mailman | 2.0.1 | |
gnu | mailman | 2.0.2 | |
gnu | mailman | 2.0.3 | |
gnu | mailman | 2.0.4 | |
gnu | mailman | 2.0.5 | |
gnu | mailman | 2.0.6 | |
gnu | mailman | 2.0.7 | |
gnu | mailman | 2.0.8 | |
gnu | mailman | 2.0.9 | |
gnu | mailman | 2.0.10 | |
gnu | mailman | 2.0.11 | |
gnu | mailman | 2.0.12 | |
gnu | mailman | 2.0.13 | |
gnu | mailman | 2.0.14 | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1.1 | |
gnu | mailman | 2.1.2 | |
gnu | mailman | 2.1.3 | |
gnu | mailman | 2.1.4 | |
gnu | mailman | 2.1.5 | |
gnu | mailman | 2.1b1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "46CF8999-445E-4E03-89F1-81669F9F93D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D965E3E-E08C-40EA-AF66-470F473F0262", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "64179C1D-C96F-431F-AD80-CBCA77CB9E53", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "EC6B30F6-70A8-43C7-BA5C-6DD8A6ED829D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "767101D3-ABB0-4D34-AA28-75F78A392F39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "BEB60D06-E9D0-4949-8542-334D180F491D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F884774-D1A1-42A6-A3FE-9B0500725666", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C56B981-FD66-46F2-806A-3FFDEC520482", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E3E1994-6CAC-48E9-8438-0D894A76FE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DB8742B0-A91D-457D-BF57-06AFC5219BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F04EDBE-4B04-4B4C-A2BE-5286AC7C8952", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "615566E3-9EBD-49B3-9727-0883D3F0334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F59D0CCF-3CD0-4D99-B1F1-38F331422801", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "FADF5CE8-D072-4CFE-8A96-BA86187B478B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72278005-5F2A-4459-8813-DF7EC2D1F063", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4E39A909-E266-4BA9-87C6-DE26052433E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "ABA16FD9-0625-4D3D-9F10-130A28C88DA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "EE33EFBF-E155-4C3B-93CC-63AA1266A8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "78F2FB70-7EB9-4AA7-9E85-C151C3CC8104", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "47F9AC7B-C0EB-4B7F-8997-1491301D0EF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "45C53260-503F-4934-B1FE-9FACD8E0EE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*", "matchCriteriaId": "085C333C-E2E7-4ACD-9CC8-C37C67725954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The attachment scrubber (Scrubber.py) in Mailman 
2.1.5 and earlier, when using Python\u0027s library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary." } ], "id": "CVE-2006-0052", "lastModified": "2024-11-21T00:05:32.530", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-31T11:06:00.000", "references": [ { "source": "security@debian.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "source": "security@debian.org", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/19522" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/19545" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/19571" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/20624" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/20782" }, { "source": "security@debian.org", "url": "http://securitytracker.com/id?1015851" }, { "source": "security@debian.org", "url": "http://www.debian.org/security/2006/dsa-1027" }, { "source": "security@debian.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:061" }, { "source": "security@debian.org", "url": 
"http://www.novell.com/linux/security/advisories/2006_08_sr.html" }, { "source": "security@debian.org", "url": "http://www.osvdb.org/24367" }, { "source": "security@debian.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0486.html" }, { "source": "security@debian.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17311" }, { "source": "security@debian.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9475" }, { "source": "security@debian.org", "url": "https://usn.ubuntu.com/267-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19545" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19571" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015851" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:061" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/24367" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.redhat.com/support/errata/RHSA-2006-0486.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/17311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9475" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/267-1/" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-02-07 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en options.py en Mailman 2.1 y anteriores permite a atacantes remotos inyectar script o HTML en p\u00e1ginas web mediante correo electr\u00f3nico o par\u00e1metros de lenguaje." } ], "id": "CVE-2003-0038", "lastModified": "2024-11-20T23:43:47.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-02-07T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-436" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/9205" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6677" }, { "source": "cve@mitre.org", "url": 
"http://www.securitytracker.com/id?1005987" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/9205" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6677" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1005987" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | 1.0 | |
gnu | mailman | 1.1 | |
gnu | mailman | 2.0 | |
gnu | mailman | 2.0 (beta3) | |
gnu | mailman | 2.0 (beta4) | |
gnu | mailman | 2.0 (beta5) | |
gnu | mailman | 2.0.1 | |
gnu | mailman | 2.0.2 | |
gnu | mailman | 2.0.3 | |
gnu | mailman | 2.0.4 | |
gnu | mailman | 2.0.5 | |
gnu | mailman | 2.0.6 | |
gnu | mailman | 2.0.7 | |
gnu | mailman | 2.0.8 | |
gnu | mailman | 2.0.9 | |
gnu | mailman | 2.0.10 | |
gnu | mailman | 2.0.11 | |
gnu | mailman | 2.0.12 | |
gnu | mailman | 2.0.13 | |
gnu | mailman | 2.1 | |
gnu | mailman | 2.1.1 | |
gnu | mailman | 2.1.2 | |
gnu | mailman | 2.1.3 | |
gnu | mailman | 2.1.4 | |
gnu | mailman | 2.1b1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "46CF8999-445E-4E03-89F1-81669F9F93D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D965E3E-E08C-40EA-AF66-470F473F0262", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "64179C1D-C96F-431F-AD80-CBCA77CB9E53", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "EC6B30F6-70A8-43C7-BA5C-6DD8A6ED829D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "767101D3-ABB0-4D34-AA28-75F78A392F39", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "BEB60D06-E9D0-4949-8542-334D180F491D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F884774-D1A1-42A6-A3FE-9B0500725666", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C56B981-FD66-46F2-806A-3FFDEC520482", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E3E1994-6CAC-48E9-8438-0D894A76FE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DB8742B0-A91D-457D-BF57-06AFC5219BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "6F04EDBE-4B04-4B4C-A2BE-5286AC7C8952", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "615566E3-9EBD-49B3-9727-0883D3F0334B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F59D0CCF-3CD0-4D99-B1F1-38F331422801", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "FADF5CE8-D072-4CFE-8A96-BA86187B478B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "72278005-5F2A-4459-8813-DF7EC2D1F063", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "4E39A909-E266-4BA9-87C6-DE26052433E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "ABA16FD9-0625-4D3D-9F10-130A28C88DA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "EE33EFBF-E155-4C3B-93CC-63AA1266A8A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "78F2FB70-7EB9-4AA7-9E85-C151C3CC8104", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D6A976-FFEA-4DB6-B002-8036E778C78E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8894855-E303-4B55-B3BC-DCBE3A0AB703", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1500D8-952A-46C6-920C-096760C36A43", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "503D7346-4891-40B1-A0CD-0FACC5359431", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1b1:*:*:*:*:*:*:*", "matchCriteriaId": "085C333C-E2E7-4ACD-9CC8-C37C67725954", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack." 
} ], "id": "CVE-2004-1143", "lastModified": "2024-11-20T23:50:12.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/13603/" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18857" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/13603/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18857" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-04-13 14:59
Modified
2024-11-21 02:28
Severity ?
Summary
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 | |
debian | debian_linux | 7.0 | |
redhat | enterprise_linux | 7.0 | |
gnu | mailman | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "D12BCF8B-CA13-4A87-9498-C01C4F58980F", "versionEndIncluding": "2.1.19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en GNU Mailman anterior a 2.1.20, cuando no utiliza un alias est\u00e1tico, permite a atacantes remotos ejecutar ficheros arbitrarios a trav\u00e9s de un .. (punto punto) en un nombre de lista." 
} ], "id": "CVE-2015-2775", "lastModified": "2024-11-21T02:28:02.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-04-13T14:59:02.397", "references": [ { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156742.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1153.html" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3214" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/73922" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1032033" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2558-1" }, { "source": "cve@mitre.org", "url": "https://bugs.launchpad.net/mailman/+bug/1437145" }, { "source": "cve@mitre.org", "url": "https://mail.python.org/pipermail/mailman-announce/2015-March/000209.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://mail.python.org/pipermail/mailman-developers/2015-March/024871.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156742.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1153.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/73922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1032033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2558-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/mailman/+bug/1437145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://mail.python.org/pipermail/mailman-announce/2015-March/000209.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://mail.python.org/pipermail/mailman-developers/2015-March/024871.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-10-21 01:15
Modified
2024-11-21 06:27
Severity ?
Summary
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2021/10/21/4 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | https://bugs.launchpad.net/mailman/+bug/1947639 | Patch, Third Party Advisory | |
cve@mitre.org | https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/ | ||
cve@mitre.org | https://www.debian.org/security/2021/dsa-4991 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/10/21/4 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mailman/+bug/1947639 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4991 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDD63075-218B-47B2-9E0B-FE13FAEDEDAB", "versionEndExcluding": "2.1.35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password." }, { "lang": "es", "value": "GNU Mailman versiones anteriores a 2.1.35, puede permitir una Escalada de Privilegios remota. Un determinado valor de csrf_token es derivado de la contrase\u00f1a del administrador, y puede ser \u00fatil para llevar a cabo un ataque de fuerza bruta contra esa contrase\u00f1a" } ], "id": "CVE-2021-42096", "lastModified": "2024-11-21T06:27:15.017", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": 
"NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-10-21T01:15:06.893", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1947639" }, { "source": "cve@mitre.org", "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1947639" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-307" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-24 12:15
Modified
2024-11-21 05:04
Severity ?
Summary
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "29388F7C-C5E6-4748-B35B-7037792B47B6", "versionEndExcluding": "2.1.33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page." 
}, { "lang": "es", "value": "GNU Mailman versiones anteriores a 2.1.33, permite una inyecci\u00f3n de contenido arbitrario por medio de la p\u00e1gina de inicio de sesi\u00f3n del archivo privado Cgi/private.py" } ], "id": "CVE-2020-15011", "lastModified": "2024-11-21T05:04:37.440", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-24T12:15:10.863", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1877379" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4406-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1877379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4406-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-07-12 18:29
Modified
2024-11-21 03:48
Severity ?
Summary
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://bugs.launchpad.net/mailman/+bug/1780874 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201904-10 | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/4348-1/ | ||
cve@mitre.org | https://www.mail-archive.com/mailman-users%40python.org/msg71003.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/mailman/+bug/1780874 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201904-10 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4348-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.mail-archive.com/mailman-users%40python.org/msg71003.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "A642C9F8-8CF9-4157-812B-24BBA5752B56", "versionEndExcluding": "2.1.28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site." }, { "lang": "es", "value": "Se ha descubierto un problema en GNU Mailman en versiones anteriores a la 2.1.28. Una URL manipulada podr\u00eda provocar que el texto arbitrario se muestre en una p\u00e1gina web de un sitio fiable." } ], "id": "CVE-2018-13796", "lastModified": "2024-11-21T03:48:02.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-12T18:29:00.547", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": 
"https://bugs.launchpad.net/mailman/+bug/1780874" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201904-10" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4348-1/" }, { "source": "cve@mitre.org", "url": "https://www.mail-archive.com/mailman-users%40python.org/msg71003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1780874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201904-10" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/4348-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mail-archive.com/mailman-users%40python.org/msg71003.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-06 15:15
Modified
2024-11-21 04:59
Severity ?
Summary
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | mailman | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 31 | |
opensuse | backports_sle | 15.0 (sp1) | |
opensuse | backports_sle | 15.0 (sp2) | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5D0E7D5-6A8B-4413-9363-43E5B26B7C38", "versionEndExcluding": "2.1.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568", "vulnerable": true }, { "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "67E82302-4B77-44F3-97B1-24C18AC4A35D", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "/options/mailman in GNU Mailman before 2.1.31 allows 
Arbitrary Content Injection." }, { "lang": "es", "value": "El archivo /options/mailman en GNU Mailman versiones anteriores a 2.1.31, permite una Inyecci\u00f3n de Contenido Arbitrario." } ], "id": "CVE-2020-12108", "lastModified": "2024-11-21T04:59:15.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-06T15:15:11.240", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1873722" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://code.launchpad.net/mailman" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://mail.python.org/pipermail/mailman-announce/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4354-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/mailman/+bug/1873722" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://code.launchpad.net/mailman" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://mail.python.org/pipermail/mailman-announce/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4354-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-11 02:03
Modified
2024-11-21 00:03
Severity ?
Summary
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:mailman:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "643610C6-99A9-43C9-A8FC-463A244C08DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "45C53260-503F-4934-B1FE-9FACD8E0EE66", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:mailman:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "A34CBFC5-CB18-4FE4-9B4D-F3280CBCCD6C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to \"fail with an Overflow on bad date data in a processed message,\" a different vulnerability than CVE-2005-3573." }, { "lang": "es", "value": "Mailman 2.1.4 a 2.1.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio mediante un mensaje que causa que el servidor \"falle con un desbordamiento en datos de fecha incorrectos en un mensaje procesado\", una vulnerabilidad diferente de CVE-2005-3573." 
} ], "id": "CVE-2005-4153", "lastModified": "2024-11-21T00:03:34.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-11T02:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18449" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18456" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18612" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19167" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19196" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19532" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-955" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/21723" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16248" }, { "source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2006/0012/" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-242-1" }, { "source": "cve@mitre.org", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2006/0012/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-242-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10660" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2001-0884
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
References
▼ | URL | Tags |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2001-169.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/archive/1/242839 | mailing-list, x_refsource_BUGTRAQ | |
http://www.redhat.com/support/errata/RHSA-2001-168.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2001-170.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7617 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/3602 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/advisories/3721 | vendor-advisory, x_refsource_CONECTIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:37:07.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2001:169", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-169.html" }, { "name": "20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/242839" }, { "name": "RHSA-2001:168", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-168.html" }, { "name": "RHSA-2001:170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-170.html" }, { "name": "mailman-java-css(7617)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7617" }, { "name": "3602", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3602" }, { "name": "CLA-2001:445", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://www.securityfocus.com/advisories/3721" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-11-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2001-12-25T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2001:169", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-169.html" }, { "name": "20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/242839" }, { "name": "RHSA-2001:168", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-168.html" }, { "name": "RHSA-2001:170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-170.html" }, { "name": "mailman-java-css(7617)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7617" }, { "name": "3602", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3602" }, { "name": "CLA-2001:445", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://www.securityfocus.com/advisories/3721" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0884", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2001:169", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2001-169.html" }, { "name": "20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/242839" }, { "name": "RHSA-2001:168", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2001-168.html" }, { "name": "RHSA-2001:170", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2001-170.html" }, { "name": "mailman-java-css(7617)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7617" }, { "name": "3602", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3602" }, { "name": "CLA-2001:445", "refsource": "CONECTIVA", "url": "http://www.securityfocus.com/advisories/3721" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0884", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2001-12-13T00:00:00", "dateUpdated": "2024-08-08T04:37:07.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0707
Vulnerability from cvelistv5
Published
2011-02-22 18:00
Modified
2024-08-06 21:58
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:26.088Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-0487", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0487" }, { "name": "FEDORA-2011-2102", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html" }, { "name": "RHSA-2011:0307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html" }, { "name": "70936", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/70936" }, { "name": "43294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43294" }, { "name": "ADV-2011-0720", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0720" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "ADV-2011-0435", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0435" }, { "name": "ADV-2011-0460", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0460" }, { "name": "openSUSE-SU-2011:0424", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html" }, { "name": "DSA-2170", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2170" }, { "name": "[mailman-announce] 20110213 Mailman Security Patch Announcement", 
"tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html" }, { "name": "USN-1069-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1069-1" }, { "name": "RHSA-2011:0308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html" }, { "name": "ADV-2011-0436", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0436" }, { "name": "APPLE-SA-2011-10-12-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "name": "MDVSA-2011:036", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:036" }, { "name": "[mailman-announce] 20110218 Mailman Security Patch Announcement", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html" }, { "name": "46464", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46464" }, { "name": "1025106", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025106" }, { "name": "43829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43829" }, { "name": "43425", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43425" }, { "name": "ADV-2011-0542", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0542" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://support.apple.com/kb/HT5002" }, { "name": "43389", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43389" }, { "name": "mailman-fullname-xss(65538)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65538" }, { "name": "FEDORA-2011-2125", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html" }, { "name": "43580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43580" }, { "name": "FEDORA-2011-2030", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.html" }, { "name": "43549", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43549" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2011-0487", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0487" }, { "name": "FEDORA-2011-2102", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056387.html" }, { "name": "RHSA-2011:0307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html" }, { "name": "70936", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/70936" }, { "name": "43294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43294" }, { "name": "ADV-2011-0720", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0720" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "ADV-2011-0435", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0435" }, { "name": "ADV-2011-0460", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0460" }, { "name": "openSUSE-SU-2011:0424", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html" }, { "name": "DSA-2170", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2170" }, { "name": "[mailman-announce] 20110213 Mailman Security Patch Announcement", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html" }, { "name": "USN-1069-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1069-1" }, { "name": "RHSA-2011:0308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html" }, { "name": "ADV-2011-0436", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0436" }, { "name": "APPLE-SA-2011-10-12-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" }, { "name": "MDVSA-2011:036", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:036" }, { "name": "[mailman-announce] 20110218 Mailman Security Patch Announcement", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html" }, { "name": "46464", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46464" }, { "name": "1025106", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025106" }, { "name": "43829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43829" }, { "name": "43425", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43425" }, { "name": "ADV-2011-0542", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0542" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT5002" }, { "name": "43389", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43389" }, { "name": "mailman-fullname-xss(65538)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/65538" }, { "name": "FEDORA-2011-2125", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056363.html" }, { "name": "43580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43580" }, { "name": "FEDORA-2011-2030", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056399.html" }, { "name": "43549", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43549" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0707", "datePublished": "2011-02-22T18:00:00", "dateReserved": "2011-01-31T00:00:00", "dateUpdated": "2024-08-06T21:58:26.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2000-0701
Vulnerability from cvelistv5
Published
2000-09-21 04:00
Modified
2024-08-08 05:28
Summary
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/73220 | mailing-list, x_refsource_BUGTRAQ |
| http://www.redhat.com/support/errata/RHSA-2000-030.html | vendor-advisory, x_refsource_REDHAT |
| http://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html | mailing-list, x_refsource_BUGTRAQ |
| http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/1539 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000802105050.A11733%40rak.isternet.sk | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:28:41.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20000801 Advisory: mailman local compromise", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/73220" }, { "name": "RHSA-2000:030", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2000-030.html" }, { "name": "20000802 MDKSA-2000:030 - Linux-Mandrake not affected by mailman problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html" }, { "name": "20000802 CONECTIVA LINUX SECURITY ANNOUNCEMENT - mailman", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html" }, { "name": "1539", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1539" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000802105050.A11733%40rak.isternet.sk" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-08-18T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20000801 Advisory: mailman local compromise", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/73220" }, { "name": "RHSA-2000:030", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2000-030.html" }, { "name": "20000802 MDKSA-2000:030 - Linux-Mandrake not affected by mailman problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html" }, { "name": "20000802 CONECTIVA LINUX SECURITY ANNOUNCEMENT - mailman", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html" }, { "name": "1539", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1539" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000802105050.A11733%40rak.isternet.sk" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0701", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20000801 Advisory: mailman local compromise", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/73220" }, { "name": "RHSA-2000:030", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2000-030.html" }, { "name": "20000802 MDKSA-2000:030 - Linux-Mandrake not affected by mailman problem", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html" }, { "name": "20000802 CONECTIVA LINUX SECURITY ANNOUNCEMENT - mailman", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html" }, { "name": "1539", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1539" }, { "name": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000802105050.A11733@rak.isternet.sk", "refsource": "CONFIRM", "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000802105050.A11733@rak.isternet.sk" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0701", "datePublished": "2000-09-21T04:00:00", "dateReserved": "2000-09-19T00:00:00", "dateUpdated": "2024-08-08T05:28:41.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-0388
Vulnerability from cvelistv5
Published
2002-05-31 04:00
Modified
2024-08-08 02:49
Summary
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
References
| URL | Tags |
|---|---|
| http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/4826 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:49:27.748Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html" }, { "name": "4826", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4826" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-07-16T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html" }, { "name": "4826", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4826" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html", "refsource": "CONFIRM", "url": "http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html" }, { "name": "4826", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4826" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0388", "datePublished": "2002-05-31T04:00:00", "dateReserved": "2002-05-23T00:00:00", "dateUpdated": "2024-08-08T02:49:27.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0052
Vulnerability from cvelistv5
Published
2006-03-31 11:00
Modified
2024-08-07 16:18
Summary
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:18:20.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19522" }, { "name": "20782", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20782" }, { "name": "oval:org.mitre.oval:def:9475", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9475" }, { "name": "17311", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17311" }, { "name": "20624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20624" }, { "name": "20060602-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "name": "DSA-1027", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1027" }, { "name": "RHSA-2006:0486", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0486.html" }, { "name": "SUSE-SR:2006:008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html" }, { "name": "MDKSA-2006:061", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:061" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892" }, { "name": "1015851", "tags": [ "vdb-entry", "x_refsource_SECTRACK", 
"x_transferred" ], "url": "http://securitytracker.com/id?1015851" }, { "name": "19545", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19545" }, { "name": "19571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19571" }, { "name": "USN-267-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/267-1/" }, { "name": "24367", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24367" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python\u0027s library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "19522", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19522" }, { "name": "20782", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20782" }, { "name": "oval:org.mitre.oval:def:9475", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9475" }, { "name": "17311", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17311" }, { "name": "20624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20624" }, { "name": "20060602-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "name": "DSA-1027", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1027" }, { "name": "RHSA-2006:0486", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0486.html" }, { "name": "SUSE-SR:2006:008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html" }, { "name": "MDKSA-2006:061", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:061" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892" }, { "name": "1015851", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015851" }, { "name": "19545", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19545" }, { "name": "19571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19571" }, { "name": "USN-267-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/267-1/" }, { "name": "24367", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24367" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2006-0052", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python\u0027s library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19522", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19522" }, { "name": "20782", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20782" }, { "name": "oval:org.mitre.oval:def:9475", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9475" }, { "name": "17311", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17311" }, { "name": "20624", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20624" }, { "name": "20060602-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" }, { "name": "DSA-1027", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1027" }, { "name": "RHSA-2006:0486", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0486.html" }, { "name": "SUSE-SR:2006:008", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_08_sr.html" }, { "name": "MDKSA-2006:061", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:061" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892" }, { "name": "1015851", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015851" }, { "name": "19545", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19545" }, { "name": "19571", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19571" }, { "name": "USN-267-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/267-1/" }, { "name": "24367", "refsource": "OSVDB", "url": "http://www.osvdb.org/24367" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": 
"debian", "cveId": "CVE-2006-0052", "datePublished": "2006-03-31T11:00:00", "dateReserved": "2005-12-28T00:00:00", "dateUpdated": "2024-08-07T16:18:20.931Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-2775
Vulnerability from cvelistv5
Published
2015-04-13 14:00
Modified
2024-08-06 05:24
Summary
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:24:38.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/mailman/+bug/1437145" }, { "name": "DSA-3214", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3214" }, { "name": "RHSA-2015:1153", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1153.html" }, { "name": "RHSA-2015:1417", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" }, { "name": "FEDORA-2015-5333", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html" }, { "name": "USN-2558-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2558-1" }, { "name": "FEDORA-2015-5216", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156742.html" }, { "name": "[Mailman-Developers] 20150327 Security patch and Mailman 2.1.20 to be released on 31 March", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://mail.python.org/pipermail/mailman-developers/2015-March/024871.html" }, { "name": "[Mailman-Announce] 20150327 Mailman 2.1.20 release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://mail.python.org/pipermail/mailman-announce/2015-March/000209.html" }, { "name": "[Mailman-Developers] 20150331 Security patch and Mailman 2.1.20 to be released on 31 March", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html" }, { "name": "1032033", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032033" }, { "name": "73922", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/73922" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-03-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-22T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/mailman/+bug/1437145" }, { "name": "DSA-3214", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3214" }, { "name": "RHSA-2015:1153", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1153.html" }, { "name": "RHSA-2015:1417", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" }, { "name": "FEDORA-2015-5333", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html" }, { "name": "USN-2558-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2558-1" }, { "name": "FEDORA-2015-5216", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156742.html" }, { "name": "[Mailman-Developers] 20150327 Security patch and Mailman 2.1.20 to be released on 31 March", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://mail.python.org/pipermail/mailman-developers/2015-March/024871.html" }, { "name": "[Mailman-Announce] 20150327 Mailman 2.1.20 release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://mail.python.org/pipermail/mailman-announce/2015-March/000209.html" }, { "name": "[Mailman-Developers] 20150331 Security patch and Mailman 2.1.20 to be released on 31 March", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html" }, { "name": "1032033", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032033" }, { "name": "73922", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/73922" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2775", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.launchpad.net/mailman/+bug/1437145", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/mailman/+bug/1437145" }, { "name": "DSA-3214", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3214" }, { "name": "RHSA-2015:1153", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1153.html" }, { "name": "RHSA-2015:1417", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" }, { "name": "FEDORA-2015-5333", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154911.html" }, { "name": "USN-2558-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2558-1" }, { "name": "FEDORA-2015-5216", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156742.html" }, { "name": "[Mailman-Developers] 20150327 Security patch and Mailman 2.1.20 to be released on 31 March", "refsource": "MLIST", "url": "https://mail.python.org/pipermail/mailman-developers/2015-March/024871.html" }, { "name": "[Mailman-Announce] 20150327 Mailman 2.1.20 release", "refsource": "MLIST", "url": "https://mail.python.org/pipermail/mailman-announce/2015-March/000209.html" }, { "name": "[Mailman-Developers] 20150331 Security patch and Mailman 2.1.20 to be released on 31 March", "refsource": "MLIST", "url": "https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html" }, { "name": "1032033", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032033" }, { "name": "73922", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73922" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-2775", "datePublished": "2015-04-13T14:00:00", "dateReserved": 
"2015-03-27T00:00:00", "dateUpdated": "2024-08-06T05:24:38.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2191
Vulnerability from cvelistv5
Published
2006-09-19 21:00
Modified
2024-08-07 17:43
Severity ?
EPSS score ?
Summary
Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable."
References
URL | Tags | |
---|---|---|
http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/22639 | third-party-advisory, x_refsource_SECUNIA | |
http://people.debian.org/~terpstra/message/20060906.155339.0c0732a4.en.html | mailing-list, x_refsource_MLIST | |
http://www.novell.com/linux/security/advisories/2006_25_sr.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/21732 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:43:27.785Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "name": "22639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22639" }, { "name": "[security] 20060906 Re: mailman 2.1.5-8sarge3: screwup between security and maintainer upload", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://people.debian.org/~terpstra/message/20060906.155339.0c0732a4.en.html" }, { "name": "SUSE-SR:2006:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "21732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21732" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is \"unexploitable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-08-29T17:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "name": "22639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22639" }, { "name": "[security] 20060906 Re: mailman 2.1.5-8sarge3: screwup between security and maintainer upload", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://people.debian.org/~terpstra/message/20060906.155339.0c0732a4.en.html" }, { "name": "SUSE-SR:2006:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "21732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21732" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2006-2191", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. 
NOTE: the vendor has disputed this vulnerability, stating that it is \"unexploitable.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "refsource": "MLIST", "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "name": "22639", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22639" }, { "name": "[security] 20060906 Re: mailman 2.1.5-8sarge3: screwup between security and maintainer upload", "refsource": "MLIST", "url": "http://people.debian.org/~terpstra/message/20060906.155339.0c0732a4.en.html" }, { "name": "SUSE-SR:2006:025", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "21732", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21732" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2006-2191", "datePublished": "2006-09-19T21:00:00", "dateReserved": "2006-05-04T00:00:00", "dateUpdated": "2024-08-07T17:43:27.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3636
Vulnerability from cvelistv5
Published
2006-09-06 00:00
Modified
2024-08-07 18:39
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:39:53.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-3446", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "name": "DSA-1188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1188" }, { "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "name": "19831", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19831" }, { "name": "22639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22639" }, { "name": "1016808", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016808" }, { "name": "21879", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21879" }, { "name": "20021", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20021" }, { "name": "oval:org.mitre.oval:def:10553", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553" }, { "name": "USN-345-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-345-1" }, { "name": "GLSA-200609-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "name": "20060913 Mailman 2.1.8 Multiple Security Issues", "tags": [ "mailing-list", 
"x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded" }, { "name": "22227", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22227" }, { "name": "SUSE-SR:2006:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "MDKSA-2006:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "name": "21792", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21792" }, { "name": "RHSA-2006:0600", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "name": "21732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21732" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt" }, { "name": "22011", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22011" }, { "name": "22020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22020" }, { "name": "mailman-unspecified-xss(28731)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-04T00:00:00", "descriptions": [ 
{ "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2006-3446", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "name": "DSA-1188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1188" }, { "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "name": "19831", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19831" }, { "name": "22639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22639" }, { "name": "1016808", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016808" }, { "name": "21879", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21879" }, { "name": "20021", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20021" }, { "name": "oval:org.mitre.oval:def:10553", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553" }, { "name": "USN-345-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-345-1" }, { "name": "GLSA-200609-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { 
"name": "20060913 Mailman 2.1.8 Multiple Security Issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded" }, { "name": "22227", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22227" }, { "name": "SUSE-SR:2006:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "MDKSA-2006:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "name": "21792", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21792" }, { "name": "RHSA-2006:0600", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "name": "21732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21732" }, { "tags": [ "x_refsource_MISC" ], "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt" }, { "name": "22011", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22011" }, { "name": "22020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22020" }, { "name": "mailman-unspecified-xss(28731)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-3636", "datePublished": "2006-09-06T00:00:00", "dateReserved": "2006-07-17T00:00:00", "dateUpdated": "2024-08-07T18:39:53.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6893
Vulnerability from cvelistv5
Published
2016-09-02 14:00
Modified
2024-08-06 01:43
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.
References
URL | Tags | |
---|---|---|
http://www.debian.org/security/2016/dsa-3668 | vendor-advisory, x_refsource_DEBIAN | |
https://bugs.launchpad.net/bugs/1614841 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/92731 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1036728 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:43:38.450Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3668", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3668" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/bugs/1614841" }, { "name": "92731", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92731" }, { "name": "1036728", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036728" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim\u0027s account." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-12T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3668", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3668" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/bugs/1614841" }, { "name": "92731", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92731" }, { "name": "1036728", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036728" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6893", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim\u0027s account." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3668", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3668" }, { "name": "https://bugs.launchpad.net/bugs/1614841", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/bugs/1614841" }, { "name": "92731", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92731" }, { "name": "1036728", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036728" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6893", "datePublished": "2016-09-02T14:00:00", "dateReserved": "2016-08-19T00:00:00", "dateUpdated": "2024-08-06T01:43:38.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12108
Vulnerability from cvelistv5
Published
2020-05-06 14:50
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:58.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://code.launchpad.net/mailman" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://mail.python.org/pipermail/mailman-announce/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/mailman/+bug/1873722" }, { "name": "[debian-lts-announce] 20200507 [SECURITY] [DLA 2204-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html" }, { "name": "openSUSE-SU-2020:0661", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html" }, { "name": "USN-4354-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4354-1/" }, { "name": "openSUSE-SU-2020:0764", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html" }, { "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2276-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" }, { "name": "FEDORA-2020-62f2df3ca4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/" }, { "name": "openSUSE-SU-2020:1707", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "name": "openSUSE-SU-2020:1752", "tags": [ 
"vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "name": "DSA-4991", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-23T10:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://code.launchpad.net/mailman" }, { "tags": [ "x_refsource_MISC" ], "url": "https://mail.python.org/pipermail/mailman-announce/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/mailman/+bug/1873722" }, { "name": "[debian-lts-announce] 20200507 [SECURITY] [DLA 2204-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html" }, { "name": "openSUSE-SU-2020:0661", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html" }, { "name": "USN-4354-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4354-1/" }, { "name": "openSUSE-SU-2020:0764", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html" }, { "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2276-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" }, { "name": "FEDORA-2020-62f2df3ca4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/" }, { "name": "openSUSE-SU-2020:1707", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "name": "openSUSE-SU-2020:1752", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "name": "DSA-4991", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12108", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://code.launchpad.net/mailman", "refsource": "MISC", "url": "https://code.launchpad.net/mailman" }, { "name": "https://mail.python.org/pipermail/mailman-announce/", "refsource": "MISC", "url": "https://mail.python.org/pipermail/mailman-announce/" }, { "name": "https://bugs.launchpad.net/mailman/+bug/1873722", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/mailman/+bug/1873722" }, { "name": "[debian-lts-announce] 20200507 [SECURITY] [DLA 2204-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html" }, { "name": "openSUSE-SU-2020:0661", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html" }, { "name": "USN-4354-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4354-1/" }, { "name": "openSUSE-SU-2020:0764", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html" }, { "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2276-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" }, { "name": "FEDORA-2020-62f2df3ca4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74EQIVFB34Q4UYAQLCUWG55YLKAUWCHD/" }, { "name": "openSUSE-SU-2020:1707", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "name": "openSUSE-SU-2020:1752", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "name": "DSA-4991", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4991" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
"assignerShortName": "mitre", "cveId": "CVE-2020-12108", "datePublished": "2020-05-06T14:50:33", "dateReserved": "2020-04-23T00:00:00", "dateUpdated": "2024-08-04T11:48:58.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0182
Vulnerability from cvelistv5
Published
2004-04-17 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.
References
URL | Tags | |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2004-156.html | vendor-advisory, x_refsource_REDHAT | |
ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc | vendor-advisory, x_refsource_SGI |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:10:03.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2004:156", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-156.html" }, { "name": "20040404-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2004-05-05T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2004:156", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-156.html" }, { "name": "20040404-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0182", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) 
via an email message with an empty subject field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2004:156", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-156.html" }, { "name": "20040404-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0182", "datePublished": "2004-04-17T04:00:00", "dateReserved": "2004-02-25T00:00:00", "dateUpdated": "2024-08-08T00:10:03.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0080
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-07 20:57
Severity: not given (the CVE record below carries no CVSS metrics)
EPSS score: not shown
Summary
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=110549296126351&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839 | x_refsource_CONFIRM |
| http://qa.debian.org/bts-security.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:41.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050110 [USN-59-1] mailman vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://qa.debian.org/bts-security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050110 [USN-59-1] mailman vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839" }, { "tags": [ "x_refsource_MISC" ], "url": "http://qa.debian.org/bts-security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0080", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050110 [USN-59-1] mailman vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839" }, { "name": "http://qa.debian.org/bts-security.html", "refsource": "MISC", "url": "http://qa.debian.org/bts-security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0080", "datePublished": "2005-01-19T05:00:00", "dateReserved": "2005-01-14T00:00:00", "dateUpdated": "2024-08-07T20:57:41.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12137
Vulnerability from cvelistv5
Published
2020-04-24 12:37
Modified
2024-08-04 11:48
Severity: not given (the CVE record below carries no CVSS metrics)
EPSS score: not shown
Summary
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:58.357Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/02/24/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2020/02/24/3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS" }, { "name": "[oss-security] 20200424 Re: mailman 2.x: XSS via file attachments in list archives", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/04/24/3" }, { "name": "DSA-4664", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4664" }, { "name": "[debian-lts-announce] 20200503 [SECURITY] [DLA 2200-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00002.html" }, { "name": "USN-4348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4348-1/" }, { "name": "FEDORA-2020-69f2f1d987", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4COSBBEMJYLV7WSW5QTUJUOFJFK47KK/" }, { "name": "FEDORA-2020-20b748e81e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF/" }, { "name": "openSUSE-SU-2020:1707", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { 
"name": "openSUSE-SU-2020:1752", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-27T15:06:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/02/24/2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2020/02/24/3" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS" }, { "name": "[oss-security] 20200424 Re: mailman 2.x: XSS via file attachments in list archives", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/04/24/3" }, { "name": "DSA-4664", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4664" }, { "name": "[debian-lts-announce] 20200503 [SECURITY] [DLA 2200-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00002.html" }, { "name": "USN-4348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], 
"url": "https://usn.ubuntu.com/4348-1/" }, { "name": "FEDORA-2020-69f2f1d987", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4COSBBEMJYLV7WSW5QTUJUOFJFK47KK/" }, { "name": "FEDORA-2020-20b748e81e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF/" }, { "name": "openSUSE-SU-2020:1707", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "name": "openSUSE-SU-2020:1752", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12137", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.openwall.com/lists/oss-security/2020/02/24/2", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/02/24/2" }, { "name": "https://www.openwall.com/lists/oss-security/2020/02/24/3", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/02/24/3" }, { "name": "http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS", "refsource": "MISC", "url": "http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS" }, { "name": "[oss-security] 20200424 Re: mailman 2.x: XSS via file attachments in list archives", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/04/24/3" }, { "name": "DSA-4664", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4664" }, { "name": "[debian-lts-announce] 20200503 [SECURITY] [DLA 2200-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00002.html" }, { "name": "USN-4348-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4348-1/" }, { "name": "FEDORA-2020-69f2f1d987", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4COSBBEMJYLV7WSW5QTUJUOFJFK47KK/" }, { "name": "FEDORA-2020-20b748e81e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6YCMGTTOXXCVM4O6CYZLTZDX6YLYORNF/" }, { "name": "openSUSE-SU-2020:1707", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "name": "openSUSE-SU-2020:1752", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
"assignerShortName": "mitre", "cveId": "CVE-2020-12137", "datePublished": "2020-04-24T12:37:58", "dateReserved": "2020-04-24T00:00:00", "dateUpdated": "2024-08-04T11:48:58.357Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1143
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:39
Severity: not given (the CVE record below carries no CVSS metrics)
EPSS score: not shown
Summary
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=110549296126351&w=2 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18857 | vdb-entry, x_refsource_XF |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796 | x_refsource_CONFIRM |
| http://www.novell.com/linux/security/advisories/2005_07_mailman.html | vendor-advisory, x_refsource_SUSE |
| http://secunia.com/advisories/13603/ | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:39:00.943Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050110 [USN-59-1] mailman vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "name": "mailman-weak-encryption(18857)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18857" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796" }, { "name": "SUSE-SA:2005:007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "name": "13603", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13603/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050110 [USN-59-1] mailman vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "name": "mailman-weak-encryption(18857)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18857" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796" }, { "name": "SUSE-SA:2005:007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "name": "13603", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13603/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1143", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050110 [USN-59-1] mailman vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "name": "mailman-weak-encryption(18857)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18857" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796" }, { "name": "SUSE-SA:2005:007", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "name": "13603", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13603/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1143", "datePublished": "2005-01-19T05:00:00", "dateReserved": "2004-12-06T00:00:00", "dateUpdated": "2024-08-08T00:39:00.943Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-15011
Vulnerability from cvelistv5
Published
2020-06-24 11:34
Modified
2024-08-04 13:00
Severity: not given (the CVE record below carries no CVSS metrics)
EPSS score: not shown
Summary
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
References
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/mailman/+bug/1877379 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4406-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html | mailing-list, x_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html | vendor-advisory, x_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html | vendor-advisory, x_refsource_SUSE |
| https://www.debian.org/security/2021/dsa-4991 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T13:00:52.078Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/mailman/+bug/1877379" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2265-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html" }, { "name": "USN-4406-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4406-1/" }, { "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2276-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" }, { "name": "openSUSE-SU-2020:1707", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "name": "openSUSE-SU-2020:1752", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "name": "DSA-4991", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-23T10:06:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/mailman/+bug/1877379" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2265-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html" }, { "name": "USN-4406-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4406-1/" }, { "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2276-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" }, { "name": "openSUSE-SU-2020:1707", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "name": "openSUSE-SU-2020:1752", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "name": "DSA-4991", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15011", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.launchpad.net/mailman/+bug/1877379", "refsource": "MISC", "url": "https://bugs.launchpad.net/mailman/+bug/1877379" }, { "name": "[debian-lts-announce] 20200630 [SECURITY] [DLA 2265-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00036.html" }, { "name": "USN-4406-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4406-1/" }, { "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2276-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00007.html" }, { "name": "openSUSE-SU-2020:1707", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html" }, { "name": "openSUSE-SU-2020:1752", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html" }, { "name": "DSA-4991", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4991" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15011", "datePublished": "2020-06-24T11:34:56", "dateReserved": "2020-06-24T00:00:00", "dateUpdated": "2024-08-04T13:00:52.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42096
Vulnerability from cvelistv5
Published
2021-10-21 00:40
Modified
2024-08-04 03:22
Severity: not given (the CVE record below carries no CVSS metrics)
EPSS score: not shown
Summary
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
References
| URL | Tags |
|---|---|
| https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/ | x_refsource_CONFIRM |
| https://bugs.launchpad.net/mailman/+bug/1947639 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2021/10/21/4 | mailing-list, x_refsource_MLIST |
| https://www.debian.org/security/2021/dsa-4991 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:22:25.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/mailman/+bug/1947639" }, { "name": "[oss-security] 20211021 Mailman 2.1.35 security release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4" }, { "name": "DSA-4991", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-23T10:06:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/mailman/+bug/1947639" }, { "name": "[oss-security] 20211021 Mailman 2.1.35 security release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4" }, { "name": "DSA-4991", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-42096", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/", "refsource": "CONFIRM", "url": "https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/" }, { "name": "https://bugs.launchpad.net/mailman/+bug/1947639", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/mailman/+bug/1947639" }, { "name": "[oss-security] 20211021 Mailman 2.1.35 security release", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4" }, { "name": "DSA-4991", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4991" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-42096", "datePublished": "2021-10-21T00:40:34", "dateReserved": "2021-10-07T00:00:00", "dateUpdated": "2024-08-04T03:22:25.970Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43332
Vulnerability from cvelistv5
Published
2021-11-12 20:45
Modified
2024-08-04 03:55
Severity: not given (the CVE record below carries no CVSS metrics)
EPSS score: not shown
Summary
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
References
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/mailman/+bug/1949403 | x_refsource_MISC |
| https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/ | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:55:28.492Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/mailman/+bug/1949403" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/" }, { "name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-09T12:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/mailman/+bug/1949403" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/" }, { "name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-43332", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.launchpad.net/mailman/+bug/1949403", "refsource": "MISC", "url": "https://bugs.launchpad.net/mailman/+bug/1949403" }, { "name": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/", "refsource": "CONFIRM", "url": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/" }, { "name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43332", "datePublished": "2021-11-12T20:45:35", "dateReserved": "2021-11-03T00:00:00", "dateUpdated": "2024-08-04T03:55:28.492Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-0855
Vulnerability from cvelistv5
Published
2002-08-14 04:00
Modified
2024-08-08 03:03
Summary
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
References
URL | Tags | |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html | mailing-list, x_refsource_BUGTRAQ | |
http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html | x_refsource_CONFIRM | |
http://www.redhat.com/support/errata/RHSA-2002-177.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2002-178.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2002/dsa-147 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/5298 | vdb-entry, x_refsource_BID | |
http://www.redhat.com/support/errata/RHSA-2002-181.html | vendor-advisory, x_refsource_REDHAT | |
http://www.redhat.com/support/errata/RHSA-2002-176.html | vendor-advisory, x_refsource_REDHAT | |
http://www.iss.net/security_center/static/9985.php | vdb-entry, x_refsource_XF | |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000522 | vendor-advisory, x_refsource_CONECTIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:03:48.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020724 cross-site scripting bug of Mailman", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html" }, { "name": "RHSA-2002:177", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-177.html" }, { "name": "RHSA-2002:178", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-178.html" }, { "name": "DSA-147", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-147" }, { "name": "5298", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5298" }, { "name": "RHSA-2002:181", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-181.html" }, { "name": "RHSA-2002:176", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-176.html" }, { "name": "mailman-subscription-option-xss(9985)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9985.php" }, { "name": "CLA-2002:522", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2002-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber\u0027s list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2003-03-25T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020724 cross-site scripting bug of Mailman", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html" }, { "name": "RHSA-2002:177", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-177.html" }, { "name": "RHSA-2002:178", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-178.html" }, { "name": "DSA-147", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-147" }, { "name": "5298", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5298" }, { "name": "RHSA-2002:181", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-181.html" }, { "name": "RHSA-2002:176", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-176.html" }, { "name": "mailman-subscription-option-xss(9985)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9985.php" }, { "name": "CLA-2002:522", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": 
"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0855", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber\u0027s list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020724 cross-site scripting bug of Mailman", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0268.html" }, { "name": "http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html", "refsource": "CONFIRM", "url": "http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html" }, { "name": "RHSA-2002:177", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-177.html" }, { "name": "RHSA-2002:178", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-178.html" }, { "name": "DSA-147", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-147" }, { "name": "5298", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5298" }, { "name": "RHSA-2002:181", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-181.html" }, { "name": "RHSA-2002:176", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-176.html" }, { "name": "mailman-subscription-option-xss(9985)", "refsource": "XF", "url": 
"http://www.iss.net/security_center/static/9985.php" }, { "name": "CLA-2002:522", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000522" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0855", "datePublished": "2002-08-14T04:00:00", "dateReserved": "2002-08-13T00:00:00", "dateUpdated": "2024-08-08T03:03:48.903Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-34337
Vulnerability from cvelistv5
Published
2023-04-15 00:00
Modified
2024-08-04 00:05
Summary
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:05:52.555Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/mailman/mailman/-/issues/911" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/mailman/mailman/-/tags" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-15T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.com/mailman/mailman/-/issues/911" }, { "url": "https://gitlab.com/mailman/mailman/-/tags" }, { "url": "https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-34337", "datePublished": "2023-04-15T00:00:00", "dateReserved": "2021-06-08T00:00:00", "dateUpdated": "2024-08-04T00:05:52.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1177
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Summary
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
References
URL | Tags | |
---|---|---|
http://marc.info/?l=bugtraq&m=110549296126351&w=2 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18854 | vdb-entry, x_refsource_XF | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555 | x_refsource_CONFIRM | |
http://secunia.com/advisories/13603 | third-party-advisory, x_refsource_SECUNIA | |
http://www.mandriva.com/security/advisories?name=MDKSA-2005:015 | vendor-advisory, x_refsource_MANDRAKE | |
http://www.novell.com/linux/security/advisories/2005_07_mailman.html | vendor-advisory, x_refsource_SUSE | |
http://www.debian.org/security/2005/dsa-674 | vendor-advisory, x_refsource_DEBIAN | |
http://www.redhat.com/support/errata/RHSA-2005-235.html | vendor-advisory, x_refsource_REDHAT | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11113 | vdb-entry, signature, x_refsource_OVAL |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:46:11.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20050110 [USN-59-1] mailman vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "name": "mailman-script-driver-xss(18854)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18854" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555" }, { "name": "13603", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/13603" }, { "name": "MDKSA-2005:015", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:015" }, { "name": "SUSE-SA:2005:007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "name": "DSA-674", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-674" }, { "name": "RHSA-2005:235", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-235.html" }, { "name": "oval:org.mitre.oval:def:11113", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11113" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in 
the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20050110 [USN-59-1] mailman vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "name": "mailman-script-driver-xss(18854)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18854" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555" }, { "name": "13603", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/13603" }, { "name": "MDKSA-2005:015", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:015" }, { "name": "SUSE-SA:2005:007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "name": "DSA-674", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-674" }, { "name": "RHSA-2005:235", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-235.html" }, { "name": "oval:org.mitre.oval:def:11113", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11113" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1177", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { 
"product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20050110 [USN-59-1] mailman vulnerabilities", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110549296126351\u0026w=2" }, { "name": "mailman-script-driver-xss(18854)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18854" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555" }, { "name": "13603", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13603" }, { "name": "MDKSA-2005:015", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:015" }, { "name": "SUSE-SA:2005:007", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "name": "DSA-674", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-674" }, { "name": "RHSA-2005:235", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-235.html" }, { "name": "oval:org.mitre.oval:def:11113", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11113" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1177", "datePublished": "2005-01-19T05:00:00", 
"dateReserved": "2004-12-13T00:00:00", "dateUpdated": "2024-08-08T00:46:11.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-7123
Vulnerability from cvelistv5
Published
2016-09-02 14:00
Modified
2024-08-06 01:50
Summary
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.
References
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id/1037160 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/92732 | vdb-entry, x_refsource_BID | |
https://bugs.launchpad.net/bugs/1614841 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:50:47.450Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1037160", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1037160" }, { "name": "92732", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92732" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/bugs/1614841" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-09-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1037160", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1037160" }, { "name": "92732", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92732" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/bugs/1614841" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7123", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1037160", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037160" }, { "name": "92732", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92732" }, { "name": "https://bugs.launchpad.net/bugs/1614841", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/bugs/1614841" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-7123", "datePublished": "2016-09-02T14:00:00", "dateReserved": "2016-09-02T00:00:00", "dateUpdated": "2024-08-06T01:50:47.450Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5950
Vulnerability from cvelistv5
Published
2018-01-23 16:00
Modified
2024-08-05 05:47
Summary
Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/104594 | vdb-entry, x_refsource_BID | |
https://access.redhat.com/errata/RHSA-2018:0504 | vendor-advisory, x_refsource_REDHAT | |
https://usn.ubuntu.com/3563-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.mail-archive.com/mailman-users%40python.org/msg70375.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2018/dsa-4108 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2018:0505 | vendor-advisory, x_refsource_REDHAT | |
https://bugs.launchpad.net/mailman/+bug/1747209 | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html | mailing-list, x_refsource_MLIST | |
http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:47:56.171Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104594", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104594" }, { "name": "RHSA-2018:0504", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0504" }, { "name": "USN-3563-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3563-1/" }, { "name": "[mailman-users] 20180120 Mailman 2.1.26 Security release Feb 4, 2018", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.mail-archive.com/mailman-users%40python.org/msg70375.html" }, { "name": "DSA-4108", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4108" }, { "name": "RHSA-2018:0505", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0505" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/mailman/+bug/1747209" }, { "name": "[debian-lts-announce] 20180209 [SECURITY] [DLA 1272-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-01-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to 
inject arbitrary web script or HTML via a user-options URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-29T16:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "104594", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104594" }, { "name": "RHSA-2018:0504", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0504" }, { "name": "USN-3563-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3563-1/" }, { "name": "[mailman-users] 20180120 Mailman 2.1.26 Security release Feb 4, 2018", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.mail-archive.com/mailman-users%40python.org/msg70375.html" }, { "name": "DSA-4108", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4108" }, { "name": "RHSA-2018:0505", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0505" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/mailman/+bug/1747209" }, { "name": "[debian-lts-announce] 20180209 [SECURITY] [DLA 1272-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-5950", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "104594", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104594" }, { "name": "RHSA-2018:0504", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0504" }, { "name": "USN-3563-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3563-1/" }, { "name": "[mailman-users] 20180120 Mailman 2.1.26 Security release Feb 4, 2018", "refsource": "MLIST", "url": "https://www.mail-archive.com/mailman-users@python.org/msg70375.html" }, { "name": "DSA-4108", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4108" }, { "name": "RHSA-2018:0505", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0505" }, { "name": "https://bugs.launchpad.net/mailman/+bug/1747209", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/mailman/+bug/1747209" }, { "name": "[debian-lts-announce] 20180209 [SECURITY] [DLA 1272-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html" }, { "name": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-5950", "datePublished": "2018-01-23T16:00:00", "dateReserved": "2018-01-19T00:00:00", "dateUpdated": "2024-08-05T05:47:56.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4624
Vulnerability from cvelistv5
Published
2006-09-07 19:00
Modified
2024-08-07 19:14
Summary
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:14:47.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-3446", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "name": "DSA-1188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1188" }, { "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "name": "19831", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19831" }, { "name": "mailman-admin-spoofing(28734)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734" }, { "name": "22639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22639" }, { "name": "20021", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20021" }, { "name": "RHSA-2007:0779", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html" }, { "name": "GLSA-200609-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "name": "20060913 Mailman 2.1.8 Multiple Security Issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923" }, { "name": "27669", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27669" }, { "name": "22227", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22227" }, { "name": "SUSE-SR:2006:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "MDKSA-2006:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "name": "21732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21732" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt" }, { "name": "22011", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22011" }, { "name": "oval:org.mitre.oval:def:9756", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756" }, { "name": "22020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-3446", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "name": "DSA-1188", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1188" }, { "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "name": "19831", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19831" }, { "name": "mailman-admin-spoofing(28734)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734" }, { "name": "22639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22639" }, { "name": "20021", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20021" }, { "name": "RHSA-2007:0779", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html" }, { "name": "GLSA-200609-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "name": "20060913 Mailman 2.1.8 Multiple Security Issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923" }, { "name": "27669", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27669" }, { "name": "22227", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22227" }, { "name": "SUSE-SR:2006:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "MDKSA-2006:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "name": "21732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21732" }, { "tags": [ "x_refsource_MISC" ], "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt" }, { "name": "22011", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22011" }, { "name": "oval:org.mitre.oval:def:9756", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756" }, { "name": "22020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4624", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-3446", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "name": "DSA-1188", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1188" }, { "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "refsource": "MLIST", "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "name": "19831", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19831" }, { "name": "mailman-admin-spoofing(28734)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28734" }, { "name": "22639", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22639" }, { "name": "20021", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20021" }, { "name": "RHSA-2007:0779", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0779.html" }, { "name": "GLSA-200609-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "name": "20060913 Mailman 2.1.8 Multiple Security Issues", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded" }, { "name": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923", "refsource": "MISC", "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923" }, { "name": "27669", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27669" }, { "name": "22227", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22227" }, { "name": "SUSE-SR:2006:025", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "MDKSA-2006:165", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" 
}, { "name": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "name": "21732", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21732" }, { "name": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt", "refsource": "MISC", "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt" }, { "name": "22011", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22011" }, { "name": "oval:org.mitre.oval:def:9756", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9756" }, { "name": "22020", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4624", "datePublished": "2006-09-07T19:00:00", "dateReserved": "2006-09-07T00:00:00", "dateUpdated": "2024-08-07T19:14:47.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-0290
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:14
Severity ?
EPSS score ?
Summary
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
References
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:14:07.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0290", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0290", "datePublished": "2001-05-07T04:00:00", "dateReserved": "2001-04-04T00:00:00", "dateUpdated": "2024-08-08T04:14:07.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-42097
Vulnerability from cvelistv5
Published
2021-10-21 00:45
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
References
| URL | Tags |
|---|---|
| https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/ | x_refsource_CONFIRM |
| https://bugs.launchpad.net/mailman/+bug/1947640 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2021/10/21/4 | mailing-list, x_refsource_MLIST |
| https://www.debian.org/security/2021/dsa-4991 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:22:25.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/mailman/+bug/1947640" }, { "name": "[oss-security] 20211021 Mailman 2.1.35 security release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4" }, { "name": "DSA-4991", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-10-23T10:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/mailman/+bug/1947640" }, { "name": "[oss-security] 20211021 Mailman 2.1.35 security release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4" }, { "name": "DSA-4991", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-4991" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-42097", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/", "refsource": "CONFIRM", "url": "https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/" }, { "name": "https://bugs.launchpad.net/mailman/+bug/1947640", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/mailman/+bug/1947640" }, { "name": "[oss-security] 20211021 Mailman 2.1.35 security release", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/21/4" }, { "name": "DSA-4991", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4991" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-42097", "datePublished": "2021-10-21T00:45:13", "dateReserved": "2021-10-07T00:00:00", "dateUpdated": "2024-08-04T03:22:25.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0412
Vulnerability from cvelistv5
Published
2004-06-03 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/10412 | vdb-entry, x_refsource_BID |
| http://security.gentoo.org/glsa/glsa-200406-04.xml | vendor-advisory, x_refsource_GENTOO |
| http://secunia.com/advisories/11701 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16256 | vdb-entry, x_refsource_XF |
| http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051 | vendor-advisory, x_refsource_MANDRAKE |
| http://marc.info/?l=bugtraq&m=109034869927955&w=2 | vendor-advisory, x_refsource_FEDORA |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 | vendor-advisory, x_refsource_CONECTIVA |
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559 | x_refsource_CONFIRM |
| http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:17:14.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10412", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10412" }, { "name": "GLSA-200406-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200406-04.xml" }, { "name": "11701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11701" }, { "name": "mailman-obtain-password(16256)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16256" }, { "name": "MDKSA-2004:051", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051" }, { "name": "FEDORA-2004-1734", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109034869927955\u0026w=2" }, { "name": "CLA-2004:842", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559" }, { "name": "[Mailman-Announce] 20040515 RELEASED Mailman 2.1.5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Mailman before 2.1.5 allows remote attackers to obtain user passwords via a 
crafted email request to the Mailman server." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10412", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10412" }, { "name": "GLSA-200406-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200406-04.xml" }, { "name": "11701", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11701" }, { "name": "mailman-obtain-password(16256)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16256" }, { "name": "MDKSA-2004:051", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051" }, { "name": "FEDORA-2004-1734", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=109034869927955\u0026w=2" }, { "name": "CLA-2004:842", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559" }, { "name": "[Mailman-Announce] 20040515 RELEASED Mailman 2.1.5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0412", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10412", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10412" }, { "name": "GLSA-200406-04", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200406-04.xml" }, { "name": "11701", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11701" }, { "name": "mailman-obtain-password(16256)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16256" }, { "name": "MDKSA-2004:051", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051" }, { "name": "FEDORA-2004-1734", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=109034869927955\u0026w=2" }, { "name": "CLA-2004:842", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559" }, { "name": "[Mailman-Announce] 20040515 RELEASED Mailman 2.1.5", "refsource": "MLIST", "url": "http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0412", "datePublished": "2004-06-03T04:00:00", "dateReserved": "2004-04-16T00:00:00", "dateUpdated": "2024-08-08T00:17:14.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-13796
Vulnerability from cvelistv5
Published
2018-07-12 18:00
Modified
2024-08-05 09:14
Severity ?
EPSS score ?
Summary
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
References
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/mailman/+bug/1780874 | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html | mailing-list, x_refsource_MLIST |
| https://www.mail-archive.com/mailman-users%40python.org/msg71003.html | mailing-list, x_refsource_MLIST |
| https://security.gentoo.org/glsa/201904-10 | vendor-advisory, x_refsource_GENTOO |
| https://usn.ubuntu.com/4348-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:14:47.081Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/mailman/+bug/1780874" }, { "name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1442-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html" }, { "name": "[mailman-users] 20180710 Re: correction: Mailman 2.1.28 Security fix release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.mail-archive.com/mailman-users%40python.org/msg71003.html" }, { "name": "GLSA-201904-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201904-10" }, { "name": "USN-4348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4348-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-06T19:06:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/mailman/+bug/1780874" }, { "name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1442-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html" }, { "name": "[mailman-users] 20180710 Re: correction: Mailman 2.1.28 Security fix release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.mail-archive.com/mailman-users%40python.org/msg71003.html" }, { "name": "GLSA-201904-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201904-10" }, { "name": "USN-4348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4348-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-13796", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.launchpad.net/mailman/+bug/1780874", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/mailman/+bug/1780874" }, { "name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1442-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html" }, { "name": "[mailman-users] 20180710 Re: correction: Mailman 2.1.28 Security fix release", "refsource": "MLIST", "url": "https://www.mail-archive.com/mailman-users@python.org/msg71003.html" }, { "name": "GLSA-201904-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201904-10" }, { "name": "USN-4348-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4348-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-13796", "datePublished": "2018-07-12T18:00:00", "dateReserved": "2018-07-10T00:00:00", "dateUpdated": "2024-08-05T09:14:47.081Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0038
Vulnerability from cvelistv5
Published
2003-01-29 05:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=104342745916111 | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/9205 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/6677 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id?1005987 | vdb-entry, x_refsource_SECTRACK |
| http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11152 | vdb-entry, x_refsource_XF |
| http://www.debian.org/security/2004/dsa-436 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:35.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030124 Mailman: cross-site scripting bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111" }, { "name": "9205", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/9205" }, { "name": "6677", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6677" }, { "name": "1005987", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1005987" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt" }, { "name": "mailman-email-variable-xss(11152)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152" }, { "name": "DSA-436", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-436" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-01-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030124 Mailman: cross-site scripting bug", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111" }, { "name": "9205", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/9205" }, { "name": "6677", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6677" }, { "name": "1005987", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1005987" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt" }, { "name": "mailman-email-variable-xss(11152)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152" }, { "name": "DSA-436", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-436" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0038", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030124 Mailman: cross-site scripting bug", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104342745916111" }, { "name": "9205", "refsource": "OSVDB", "url": "http://www.osvdb.org/9205" }, { "name": "6677", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6677" }, { "name": "1005987", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1005987" }, { "name": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt", "refsource": "CONFIRM", "url": "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt" }, { "name": "mailman-email-variable-xss(11152)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152" }, { "name": "DSA-436", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-436" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0038", "datePublished": "2003-01-29T05:00:00", "dateReserved": "2003-01-27T00:00:00", "dateUpdated": "2024-08-08T01:43:35.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-44227
Vulnerability from cvelistv5
Published
2021-12-02 02:52
Modified
2024-08-04 04:17
Summary
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
References
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/mailman/+bug/1952384 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:17:24.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/mailman/+bug/1952384" }, { "name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-09T12:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/mailman/+bug/1952384" }, { "name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44227", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In GNU Mailman before 2.1.38, a list member or moderator can get a 
CSRF token and craft an admin request (using that token) to set a new admin password or make other changes." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.launchpad.net/mailman/+bug/1952384", "refsource": "MISC", "url": "https://bugs.launchpad.net/mailman/+bug/1952384" }, { "name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44227", "datePublished": "2021-12-02T02:52:31", "dateReserved": "2021-11-26T00:00:00", "dateUpdated": "2024-08-04T04:17:24.848Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0991
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 02:12
Summary
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.
References
| URL | Tags |
|---|---|
| ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc | vendor-advisory, x_refsource_SGI |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 | vendor-advisory, x_refsource_CONECTIVA |
| http://www.debian.org/security/2004/dsa-436 | vendor-advisory, x_refsource_DEBIAN |
| http://www.securityfocus.com/bid/9620 | vdb-entry, x_refsource_BID |
| http://www.redhat.com/support/errata/RHSA-2004-019.html | vendor-advisory, x_refsource_REDHAT |
| http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013 | vendor-advisory, x_refsource_MANDRAKE |
| http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html | mailing-list, x_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15106 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040201-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc" }, { "name": "CLA-2004:842", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "name": "DSA-436", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-436" }, { "name": "9620", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9620" }, { "name": "RHSA-2004:019", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-019.html" }, { "name": "MDKSA-2004:013", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013" }, { "name": "[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html" }, { "name": "mailman-command-handler-dos(15106)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15106" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-11-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040201-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc" }, { "name": "CLA-2004:842", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "name": "DSA-436", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-436" }, { "name": "9620", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9620" }, { "name": "RHSA-2004:019", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-019.html" }, { "name": "MDKSA-2004:013", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013" }, { "name": "[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html" }, { "name": "mailman-command-handler-dos(15106)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15106" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0991", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in the mail 
command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040201-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc" }, { "name": "CLA-2004:842", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "name": "DSA-436", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-436" }, { "name": "9620", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9620" }, { "name": "RHSA-2004:019", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-019.html" }, { "name": "MDKSA-2004:013", "refsource": "MANDRAKE", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013" }, { "name": "[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release", "refsource": "MLIST", "url": "http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html" }, { "name": "mailman-command-handler-dos(15106)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15106" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0991", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-12-16T00:00:00", "dateUpdated": "2024-08-08T02:12:35.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3573
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-07 23:17
Summary
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:23.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19167" }, { "name": "USN-242-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-242-1" }, { "name": "18503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18503" }, { "name": "ADV-2005-2404", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2404" }, { "name": "20060401-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" }, { "name": "2006-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2006/0012/" }, { "name": "RHSA-2006:0204", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" }, { "name": "oval:org.mitre.oval:def:10038", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038" }, { "name": "20819", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20819" }, { "name": "mailman-utf8-scrubber-dos(23139)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" }, { "name": "18456", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18456" }, { "name": "1015735", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], 
"url": "http://securitytracker.com/id?1015735" }, { "name": "SUSE-SR:2006:001", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html" }, { "name": "17874", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17874" }, { "name": "19532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19532" }, { "name": "MDKSA-2005:222", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" }, { "name": "15408", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15408" }, { "name": "18612", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18612" }, { "name": "17511", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17511" }, { "name": "[Mailman-Users] 20050912 Uncaught runner exception: \u0027utf8\u0027 codeccan\u0027tdecode bytes in position 1-4: invalid data", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-users/2005-September/046523.html" }, { "name": "19196", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19196" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732" }, { "name": "DSA-955", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-955" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2005-11-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19167" }, { "name": "USN-242-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-242-1" }, { "name": "18503", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18503" }, { "name": "ADV-2005-2404", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2404" }, { "name": "20060401-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" }, { "name": "2006-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2006/0012/" }, { "name": "RHSA-2006:0204", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" }, { "name": "oval:org.mitre.oval:def:10038", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038" }, { "name": "20819", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20819" }, { "name": "mailman-utf8-scrubber-dos(23139)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" }, { "name": "18456", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18456" }, { "name": "1015735", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015735" }, { "name": "SUSE-SR:2006:001", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html" }, { "name": "17874", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17874" }, { "name": "19532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19532" }, { "name": "MDKSA-2005:222", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" }, { "name": "15408", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15408" }, { "name": "18612", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18612" }, { "name": "17511", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17511" }, { "name": "[Mailman-Users] 20050912 Uncaught runner exception: \u0027utf8\u0027 codeccan\u0027tdecode bytes in position 1-4: invalid data", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-users/2005-September/046523.html" }, { "name": "19196", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19196" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732" }, { "name": "DSA-955", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-955" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3573", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", 
"version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19167", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19167" }, { "name": "USN-242-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-242-1" }, { "name": "18503", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18503" }, { "name": "ADV-2005-2404", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2404" }, { "name": "20060401-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" }, { "name": "2006-0012", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2006/0012/" }, { "name": "RHSA-2006:0204", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" }, { "name": "oval:org.mitre.oval:def:10038", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10038" }, { "name": "20819", "refsource": "OSVDB", "url": "http://www.osvdb.org/20819" }, { "name": "mailman-utf8-scrubber-dos(23139)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" }, { "name": "18456", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18456" }, { "name": "1015735", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015735" }, { "name": "SUSE-SR:2006:001", "refsource": "SUSE", "url": 
"http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html" }, { "name": "17874", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17874" }, { "name": "19532", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19532" }, { "name": "MDKSA-2005:222", "refsource": "MANDRIVA", "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" }, { "name": "15408", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15408" }, { "name": "18612", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18612" }, { "name": "17511", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17511" }, { "name": "[Mailman-Users] 20050912 Uncaught runner exception: \u0027utf8\u0027 codeccan\u0027tdecode bytes in position 1-4: invalid data", "refsource": "MLIST", "url": "http://mail.python.org/pipermail/mailman-users/2005-September/046523.html" }, { "name": "19196", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19196" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732" }, { "name": "DSA-955", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-955" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3573", "datePublished": "2005-11-16T07:37:00", "dateReserved": "2005-11-16T00:00:00", "dateUpdated": "2024-08-07T23:17:23.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0992
Vulnerability from cvelistv5
Published
2004-01-15 05:00
Modified
2024-08-08 02:12
Summary
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
References
| URL | Tags |
|---|---|
| http://www.redhat.com/support/errata/RHSA-2004-020.html | vendor-advisory, x_refsource_REDHAT |
| http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=MDKSA-2004:013 | vendor-advisory, x_refsource_MANDRAKE |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815 | vdb-entry, signature, x_refsource_OVAL |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 | vendor-advisory, x_refsource_CONECTIVA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2004:020", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html" }, { "name": "MDKSA-2004:013", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" }, { "name": "oval:org.mitre.oval:def:815", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815" }, { "name": "CLA-2004:842", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-09-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2004:020", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html" }, { "name": "MDKSA-2004:013", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" }, { "name": "oval:org.mitre.oval:def:815", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815" }, { "name": "CLA-2004:842", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0992", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2004:020", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" }, { "name": "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html", "refsource": "CONFIRM", "url": "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html" }, { "name": "MDKSA-2004:013", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" }, { "name": "oval:org.mitre.oval:def:815", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815" }, { "name": "CLA-2004:842", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0992", "datePublished": "2004-01-15T05:00:00", "dateReserved": "2003-12-16T00:00:00", "dateUpdated": "2024-08-08T02:12:35.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2000-0861
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:37
Summary
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/1667 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html | vendor-advisory, x_refsource_FREEBSD |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5493 | vdb-entry, x_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T05:37:30.653Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1667", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/1667" }, { "name": "FreeBSD-SA-00:51", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html" }, { "name": "mailman-execute-external-commands(5493)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5493" }, { "name": "20000907 Mailman 1.1 + external archiver vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2000-09-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1667", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/1667" }, { "name": "FreeBSD-SA-00:51", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html" }, { "name": "mailman-execute-external-commands(5493)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5493" }, { "name": "20000907 Mailman 1.1 + external archiver vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2000-0861", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1667", "refsource": "BID", "url": "http://www.securityfocus.com/bid/1667" }, { "name": "FreeBSD-SA-00:51", "refsource": "FREEBSD", "url": "http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html" }, { "name": "mailman-execute-external-commands(5493)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5493" }, { "name": "20000907 Mailman 1.1 + external archiver vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2000-0861", "datePublished": "2001-01-22T05:00:00", "dateReserved": "2000-10-18T00:00:00", "dateUpdated": "2024-08-08T05:37:30.653Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-0389
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:49
Summary
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
References
URL | Tags | |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2015-1417.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/4538 | vdb-entry, x_refsource_BID | |
http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103 | x_refsource_MISC | |
http://www.iss.net/security_center/static/8874.php | vdb-entry, x_refsource_XF | |
http://marc.info/?l=bugtraq&m=101902003314968&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:49:28.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2015:1417", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" }, { "name": "4538", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4538" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://sourceforge.net/tracker/?func=detail\u0026atid=100103\u0026aid=474616\u0026group_id=103" }, { "name": "pipermail-view-archives(8874)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/8874.php" }, { "name": "20020417 Mailman/Pipermail private mailing list/local user vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=101902003314968\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-04-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2003-03-25T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2015:1417", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" }, { "name": "4538", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4538" }, { "tags": [ "x_refsource_MISC" ], "url": "http://sourceforge.net/tracker/?func=detail\u0026atid=100103\u0026aid=474616\u0026group_id=103" }, { "name": "pipermail-view-archives(8874)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/8874.php" }, { "name": "20020417 Mailman/Pipermail private mailing list/local user vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=101902003314968\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0389", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2015:1417", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" }, { "name": "4538", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4538" }, { "name": "http://sourceforge.net/tracker/?func=detail\u0026atid=100103\u0026aid=474616\u0026group_id=103", "refsource": "MISC", "url": "http://sourceforge.net/tracker/?func=detail\u0026atid=100103\u0026aid=474616\u0026group_id=103" }, { "name": "pipermail-view-archives(8874)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8874.php" }, { "name": "20020417 Mailman/Pipermail private mailing list/local user vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=101902003314968\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0389", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-05-23T00:00:00", "dateUpdated": "2024-08-08T02:49:28.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1712
Vulnerability from cvelistv5
Published
2006-04-11 19:00
Modified
2024-08-07 17:19
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
References
URL | Tags | |
---|---|---|
http://securitytracker.com/id?1015876 | vdb-entry, x_refsource_SECTRACK | |
http://www.osvdb.org/24442 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/19558 | third-party-advisory, x_refsource_SECUNIA | |
http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html | mailing-list, x_refsource_MLIST | |
http://www.vupen.com/english/advisories/2006/1269 | vdb-entry, x_refsource_VUPEN | |
http://bugs.gentoo.org/show_bug.cgi?id=129136 | x_refsource_MISC | |
http://www.securityfocus.com/bid/17403 | vdb-entry, x_refsource_BID | |
http://www.mail-archive.com/mailman-checkins%40python.org/msg06273.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:19:49.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1015876", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015876" }, { "name": "24442", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/24442" }, { "name": "19558", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19558" }, { "name": "[Mailman-Announce] 20060407 Released: Mailman 2.1.8 release candidate", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html" }, { "name": "ADV-2006-1269", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/1269" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=129136" }, { "name": "17403", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17403" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mail-archive.com/mailman-checkins%40python.org/msg06273.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-04-26T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1015876", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015876" }, { "name": "24442", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/24442" }, { "name": "19558", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19558" }, { "name": "[Mailman-Announce] 20060407 Released: Mailman 2.1.8 release candidate", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html" }, { "name": "ADV-2006-1269", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/1269" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=129136" }, { "name": "17403", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17403" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mail-archive.com/mailman-checkins%40python.org/msg06273.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1712", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1015876", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015876" }, { "name": "24442", "refsource": "OSVDB", "url": "http://www.osvdb.org/24442" }, { "name": "19558", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19558" }, { "name": "[Mailman-Announce] 20060407 Released: Mailman 2.1.8 release candidate", "refsource": "MLIST", "url": "http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html" }, { "name": "ADV-2006-1269", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1269" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=129136", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=129136" }, { "name": "17403", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17403" }, { "name": "http://www.mail-archive.com/mailman-checkins@python.org/msg06273.html", "refsource": "CONFIRM", "url": "http://www.mail-archive.com/mailman-checkins@python.org/msg06273.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1712", "datePublished": "2006-04-11T19:00:00", "dateReserved": "2006-04-11T00:00:00", "dateUpdated": "2024-08-07T17:19:49.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-3089
Vulnerability from cvelistv5
Published
2010-09-15 19:00
Modified
2024-08-07 02:55
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:55:46.792Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20100913 CVE Request: mailman", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=128438736513097\u0026w=2" }, { "name": "RHSA-2011:0307", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html" }, { "name": "[oss-security] 20100913 Re: CVE Request: mailman", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=128441369020123\u0026w=2" }, { "name": "FEDORA-2010-14877", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html" }, { "name": "43294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43294" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "ADV-2011-0460", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0460" }, { "name": "openSUSE-SU-2011:0424", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html" }, { "name": "DSA-2170", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2170" }, { "name": "FEDORA-2010-14834", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html" }, { "name": "42502", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42502" }, { "name": "[oss-security] 20100913 Re: CVE Request: mailman", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=128441135117819\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.net/mailman/+milestone/2.1.14rc1" }, { "name": "USN-1069-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1069-1" }, { "name": "RHSA-2011:0308", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html" }, { "name": "APPLE-SA-2011-03-21-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" }, { "name": "[oss-security] 20100913 Re: CVE Request: mailman", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=128440851513718\u0026w=2" }, { "name": "41265", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41265" }, { "name": "ADV-2011-0436", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0436" }, { "name": "[mailman-announce] 20100909 Mailman security patch.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html" }, { "name": "ADV-2010-3271", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3271" }, { "name": "[oss-security] 20100913 Re: CVE Request: mailman", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"http://marc.info/?l=oss-security\u0026m=128441237618793\u0026w=2" }, { "name": "43425", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43425" }, { "name": "ADV-2011-0542", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0542" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631881" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631859" }, { "name": "43580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43580" }, { "name": "[mailman-announce] 20100905 Mailman security patch.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html" }, { "name": "43549", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43549" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4581" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-10T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20100913 CVE Request: mailman", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=128438736513097\u0026w=2" }, { "name": "RHSA-2011:0307", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html" }, { "name": "[oss-security] 20100913 Re: CVE Request: mailman", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=128441369020123\u0026w=2" }, { "name": "FEDORA-2010-14877", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html" }, { "name": "43294", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43294" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "ADV-2011-0460", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0460" }, { "name": "openSUSE-SU-2011:0424", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00000.html" }, { "name": "DSA-2170", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2170" }, { "name": "FEDORA-2010-14834", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html" }, { "name": "42502", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42502" }, { "name": 
"[oss-security] 20100913 Re: CVE Request: mailman", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=128441135117819\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.net/mailman/+milestone/2.1.14rc1" }, { "name": "USN-1069-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1069-1" }, { "name": "RHSA-2011:0308", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0308.html" }, { "name": "APPLE-SA-2011-03-21-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" }, { "name": "[oss-security] 20100913 Re: CVE Request: mailman", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=128440851513718\u0026w=2" }, { "name": "41265", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41265" }, { "name": "ADV-2011-0436", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0436" }, { "name": "[mailman-announce] 20100909 Mailman security patch.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000151.html" }, { "name": "ADV-2010-3271", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3271" }, { "name": "[oss-security] 20100913 Re: CVE Request: mailman", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=128441237618793\u0026w=2" }, { "name": "43425", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43425" }, { "name": "ADV-2011-0542", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0542" }, { "tags": [ "x_refsource_CONFIRM" ], 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=631881" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=631859" }, { "name": "43580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43580" }, { "name": "[mailman-announce] 20100905 Mailman security patch.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-announce/2010-September/000150.html" }, { "name": "43549", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43549" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4581" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-3089", "datePublished": "2010-09-15T19:00:00", "dateReserved": "2010-08-20T00:00:00", "dateUpdated": "2024-08-07T02:55:46.792Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0965
Vulnerability from cvelistv5
Published
2004-01-15 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
References
URL | Tags | |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2004-020.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/14121 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/10519 | third-party-advisory, x_refsource_SECUNIA | |
http://www.mandriva.com/security/advisories?name=MDKSA-2004:013 | vendor-advisory, x_refsource_MANDRAKE | |
http://www.securityfocus.com/bid/9336 | vdb-entry, x_refsource_BID | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813 | vdb-entry, signature, x_refsource_OVAL | |
http://www.osvdb.org/3305 | vdb-entry, x_refsource_OSVDB | |
http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html | mailing-list, x_refsource_MLIST | |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 | vendor-advisory, x_refsource_CONECTIVA | |
http://www.debian.org/security/2004/dsa-436 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:12:35.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2004:020", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" }, { "name": "mailman-admin-xss(14121)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14121" }, { "name": "10519", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/10519" }, { "name": "MDKSA-2004:013", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" }, { "name": "9336", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9336" }, { "name": "oval:org.mitre.oval:def:813", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813" }, { "name": "3305", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/3305" }, { "name": "[Mailman-Announce] 20031231 RELEASED Mailman 2.1.4", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html" }, { "name": "CLA-2004:842", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "name": "DSA-436", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-436" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": 
"n/a" } ] } ], "datePublic": "2003-12-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2004:020", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" }, { "name": "mailman-admin-xss(14121)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14121" }, { "name": "10519", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/10519" }, { "name": "MDKSA-2004:013", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" }, { "name": "9336", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9336" }, { "name": "oval:org.mitre.oval:def:813", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813" }, { "name": "3305", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/3305" }, { "name": "[Mailman-Announce] 20031231 RELEASED Mailman 2.1.4", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html" }, { "name": "CLA-2004:842", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "name": "DSA-436", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": 
"http://www.debian.org/security/2004/dsa-436" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0965", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2004:020", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" }, { "name": "mailman-admin-xss(14121)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14121" }, { "name": "10519", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/10519" }, { "name": "MDKSA-2004:013", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" }, { "name": "9336", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9336" }, { "name": "oval:org.mitre.oval:def:813", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813" }, { "name": "3305", "refsource": "OSVDB", "url": "http://www.osvdb.org/3305" }, { "name": "[Mailman-Announce] 20031231 RELEASED Mailman 2.1.4", "refsource": "MLIST", "url": "http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html" }, { "name": "CLA-2004:842", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000842" }, { "name": "DSA-436", "refsource": "DEBIAN", "url": 
"http://www.debian.org/security/2004/dsa-436" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0965", "datePublished": "2004-01-15T05:00:00", "dateReserved": "2003-11-26T00:00:00", "dateUpdated": "2024-08-08T02:12:35.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-0618
Vulnerability from cvelistv5
Published
2018-07-26 17:00
Modified
2024-08-05 03:28
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags | |
---|---|---|
https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2018/dsa-4246 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html | mailing-list, x_refsource_MLIST | |
http://jvn.jp/en/jp/JVN00846677/index.html | third-party-advisory, x_refsource_JVN | |
https://security.gentoo.org/glsa/201904-10 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4348-1/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version |
---|---|---|
GNU Mailman | Mailman | 2.1.26 and earlier |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:28:11.167Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[mailman-announce] 20180622 Mailman 2.1.27 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html" }, { "name": "DSA-4246", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4246" }, { "name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1442-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html" }, { "name": "JVN#00846677", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN00846677/index.html" }, { "name": "GLSA-201904-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201904-10" }, { "name": "USN-4348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4348-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Mailman", "vendor": "GNU Mailman", "versions": [ { "status": "affected", "version": "2.1.26 and earlier" } ] } ], "datePublic": "2018-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-06T19:06:04", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "[mailman-announce] 20180622 Mailman 2.1.27 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html" }, { "name": "DSA-4246", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4246" }, { "name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1442-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html" }, { "name": "JVN#00846677", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN00846677/index.html" }, { "name": "GLSA-201904-10", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201904-10" }, { "name": "USN-4348-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4348-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2018-0618", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Mailman", "version": { "version_data": [ { "version_value": "2.1.26 and earlier" } ] } } ] }, "vendor_name": "GNU Mailman" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site scripting" } ] } ] }, "references": { "reference_data": [ { "name": "[mailman-announce] 20180622 Mailman 2.1.27 released", "refsource": "MLIST", "url": "https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html" }, { "name": "DSA-4246", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4246" }, { "name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1442-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00034.html" }, { "name": "JVN#00846677", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN00846677/index.html" }, { "name": "GLSA-201904-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201904-10" }, { "name": "USN-4348-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4348-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2018-0618", "datePublished": "2018-07-26T17:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T03:28:11.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-1132
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Summary
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
References
URL | Tags |
---|---|
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420 | vendor-advisory, x_refsource_CONECTIVA |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7091 | vdb-entry, x_refsource_XF |
http://www.osvdb.org/5455 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:07.876Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CLA-2001:420", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000420" }, { "name": "mailman-blank-passwords(7091)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7091" }, { "name": "5455", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/5455" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-09-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-03-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "CLA-2001:420", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000420" }, { "name": "mailman-blank-passwords(7091)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7091" }, { "name": "5455", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/5455" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1132", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "CLA-2001:420", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000420" }, { "name": "mailman-blank-passwords(7091)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7091" }, { "name": "5455", "refsource": "OSVDB", "url": "http://www.osvdb.org/5455" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1132", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:07.876Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0202
Vulnerability from cvelistv5
Published
2005-02-09 05:00
Modified
2024-08-07 21:05
Summary
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:05:25.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:137", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-137.html" }, { "name": "1013145", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013145" }, { "name": "oval:org.mitre.oval:def:10657", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10657" }, { "name": "MDKSA-2005:037", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:037" }, { "name": "GLSA-200502-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-11.xml" }, { "name": "20050209 Administrivia: List Compromised due to Mailman Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html" }, { "name": "20050209 [USN-78-1] Mailman vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110805795122386\u0026w=2" }, { "name": "SUSE-SA:2005:007", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "name": "RHSA-2005:136", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-136.html" }, { "name": "DSA-674", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-674" }, { "name": "14211", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14211" }, { "name": "APPLE-SA-2005-03-21", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via \".../....///\" sequences, which are not properly cleansed by regular expressions that are intended to remove \"../\" and \"./\" sequences." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2005:137", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-137.html" }, { "name": "1013145", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013145" }, { "name": "oval:org.mitre.oval:def:10657", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10657" }, { "name": "MDKSA-2005:037", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:037" }, { "name": "GLSA-200502-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-11.xml" }, { "name": "20050209 Administrivia: List Compromised due to Mailman Vulnerability", "tags": [ "mailing-list", 
"x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html" }, { "name": "20050209 [USN-78-1] Mailman vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110805795122386\u0026w=2" }, { "name": "SUSE-SA:2005:007", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "name": "RHSA-2005:136", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-136.html" }, { "name": "DSA-674", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-674" }, { "name": "14211", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14211" }, { "name": "APPLE-SA-2005-03-21", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0202", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via \".../....///\" sequences, which are not properly cleansed by regular expressions that are intended to remove \"../\" and \"./\" sequences." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2005:137", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-137.html" }, { "name": "1013145", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013145" }, { "name": "oval:org.mitre.oval:def:10657", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10657" }, { "name": "MDKSA-2005:037", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:037" }, { "name": "GLSA-200502-11", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-11.xml" }, { "name": "20050209 Administrivia: List Compromised due to Mailman Vulnerability", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html" }, { "name": "20050209 [USN-78-1] Mailman vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110805795122386\u0026w=2" }, { "name": "SUSE-SA:2005:007", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_07_mailman.html" }, { "name": "RHSA-2005:136", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-136.html" }, { "name": "DSA-674", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-674" }, { "name": "14211", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14211" }, { "name": "APPLE-SA-2005-03-21", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0202", "datePublished": "2005-02-09T05:00:00", "dateReserved": "2005-02-01T00:00:00", "dateUpdated": "2024-08-07T21:05:25.391Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-4153
Vulnerability from cvelistv5
Published
2005-12-11 02:00
Modified
2024-08-07 23:38
Summary
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:38:50.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19167" }, { "name": "USN-242-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-242-1" }, { "name": "16248", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/16248" }, { "name": "20060401-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" }, { "name": "2006-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2006/0012/" }, { "name": "RHSA-2006:0204", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" }, { "name": "oval:org.mitre.oval:def:10660", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10660" }, { "name": "mailman-utf8-scrubber-dos(23139)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" }, { "name": "18456", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18456" }, { "name": "19532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19532" }, { "name": "MDKSA-2005:222", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" }, { "name": "18449", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18449" }, { "name": "18612", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18612" }, { "name": "21723", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21723" }, { "name": "19196", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19196" }, { "name": "DSA-955", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-955" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to \"fail with an Overflow on bad date data in a processed message,\" a different vulnerability than CVE-2005-3573." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19167" }, { "name": "USN-242-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-242-1" }, { "name": "16248", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/16248" }, { "name": "20060401-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" }, { "name": "2006-0012", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2006/0012/" }, { "name": "RHSA-2006:0204", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" }, { "name": "oval:org.mitre.oval:def:10660", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10660" }, { "name": "mailman-utf8-scrubber-dos(23139)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" }, { "name": "18456", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18456" }, { "name": "19532", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19532" }, { "name": "MDKSA-2005:222", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" }, { "name": "18449", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18449" }, { "name": "18612", "tags": [ 
"third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18612" }, { "name": "21723", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21723" }, { "name": "19196", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19196" }, { "name": "DSA-955", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-955" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4153", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to \"fail with an Overflow on bad date data in a processed message,\" a different vulnerability than CVE-2005-3573." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19167", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19167" }, { "name": "USN-242-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-242-1" }, { "name": "16248", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16248" }, { "name": "20060401-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U" }, { "name": "2006-0012", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2006/0012/" }, { "name": "RHSA-2006:0204", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0204.html" }, { "name": "oval:org.mitre.oval:def:10660", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10660" }, { "name": "mailman-utf8-scrubber-dos(23139)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23139" }, { "name": "18456", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18456" }, { "name": "19532", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19532" }, { "name": "MDKSA-2005:222", "refsource": "MANDRIVA", "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:222" }, { "name": "18449", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18449" }, { "name": "18612", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18612" }, { "name": "21723", "refsource": "OSVDB", "url": "http://www.osvdb.org/21723" }, { "name": "19196", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19196" }, { "name": "DSA-955", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-955" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4153", "datePublished": 
"2005-12-11T02:00:00", "dateReserved": "2005-12-11T00:00:00", "dateUpdated": "2024-08-07T23:38:50.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2941
Vulnerability from cvelistv5
Published
2006-09-06 00:00
Modified
2024-08-07 18:06
Summary
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:27.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-3446", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "name": "19831", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19831" }, { "name": "21837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21837" }, { "name": "22639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22639" }, { "name": "1016808", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016808" }, { "name": "21879", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21879" }, { "name": "USN-345-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-345-1" }, { "name": "GLSA-200609-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923" }, { "name": "SUSE-SR:2006:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "MDKSA-2006:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "name": "21792", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21792" }, { "name": "RHSA-2006:0600", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "name": "21732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21732" }, { "name": "oval:org.mitre.oval:def:9912", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9912" }, { "name": "22011", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22011" }, { "name": "mailman-headers-dos(28732)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28732" }, { "name": "22020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-09-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving \"standards-breaking RFC 2231 formatted headers\"." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2006-3446", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3446" }, { "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html" }, { "name": "19831", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19831" }, { "name": "21837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21837" }, { "name": "22639", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22639" }, { "name": "1016808", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016808" }, { "name": "21879", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21879" }, { "name": "USN-345-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-345-1" }, { "name": "GLSA-200609-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://svn.sourceforge.net/viewvc/mailman/trunk/mailman/Mailman/Utils.py?r1=7859\u0026r2=7923" }, { "name": "SUSE-SR:2006:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html" }, { "name": "MDKSA-2006:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165" }, { "name": "21792", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21792" }, { "name": "RHSA-2006:0600", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295" }, { "name": "21732", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21732" }, { "name": "oval:org.mitre.oval:def:9912", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9912" }, { "name": "22011", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22011" }, { "name": "mailman-headers-dos(28732)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28732" }, { "name": "22020", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22020" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2006-2941", "datePublished": "2006-09-06T00:00:00", "dateReserved": "2006-06-09T00:00:00", "dateUpdated": "2024-08-07T18:06:27.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-5024
Vulnerability from cvelistv5
Published
2011-12-29 11:00
Modified
2024-09-16 20:51
Summary
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.
References
URL | Tags |
---|---|
https://sitewat.ch/Advisory/View/3 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:23:39.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sitewat.ch/Advisory/View/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-12-29T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://sitewat.ch/Advisory/View/3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5024", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sitewat.ch/Advisory/View/3", "refsource": "MISC", "url": "https://sitewat.ch/Advisory/View/3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-5024", "datePublished": "2011-12-29T11:00:00Z", "dateReserved": "2011-12-28T00:00:00Z", "dateUpdated": "2024-09-16T20:51:59.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43331
Vulnerability from cvelistv5
Published
2021-11-12 20:44
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
References
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/mailman/+bug/1949401 | x_refsource_MISC |
| https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/ | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:55:28.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/mailman/+bug/1949401" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/" }, { "name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-09T12:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/mailman/+bug/1949401" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://mail.python.org/archives/list/mailman-announce%40python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/" }, { "name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-43331", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.launchpad.net/mailman/+bug/1949401", "refsource": "MISC", "url": "https://bugs.launchpad.net/mailman/+bug/1949401" }, { "name": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/", "refsource": "CONFIRM", "url": "https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/" }, { "name": "[debian-lts-announce] 20220609 [SECURITY] [DLA 3049-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00011.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43331", "datePublished": "2021-11-12T20:44:11", "dateReserved": "2021-11-03T00:00:00", "dateUpdated": "2024-08-04T03:55:28.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }