39 vulnerabilities found for sympa by sympa
FKIE_CVE-2021-46900
Vulnerability from fkie_nvd - Published: 2023-12-31 05:15 - Updated: 2025-04-17 20:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://github.com/sympa-community/sympa/issues/1091 | Issue Tracking, Mitigation, Vendor Advisory | |
| cve@mitre.org | https://www.sympa.community/security/2021-001.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sympa-community/sympa/issues/1091 | Issue Tracking, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sympa.community/security/2021-001.html | Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A9DE075-6416-41D9-972D-872DCA7E20AE",
"versionEndExcluding": "6.2.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism."
},
{
"lang": "es",
"value": "Sympa anterior a 6.2.62 se basa en un par\u00e1metro de cookie para ciertos objetivos de seguridad, pero no garantiza que este par\u00e1metro exista y tenga un valor impredecible. Espec\u00edficamente, el par\u00e1metro cookie es a la vez un salt para contrase\u00f1as almacenadas y un mecanismo de protecci\u00f3n XSS."
}
],
"id": "CVE-2021-46900",
"lastModified": "2025-04-17T20:15:21.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-12-31T05:15:08.040",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/1091"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.sympa.community/security/2021-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/1091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.sympa.community/security/2021-001.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-29668
Vulnerability from fkie_nvd - Published: 2020-12-10 08:15 - Updated: 2024-11-21 05:24
Severity ?
Summary
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sympa | sympa | * | |
| sympa | sympa | 6.2.59 (beta1) | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BC1979-FCC4-474E-8757-3BB8F7CDA98D",
"versionEndIncluding": "6.2.58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.2.59:beta1:*:*:*:*:*:*",
"matchCriteriaId": "4041E30B-5B07-43CE-98C9-638AA31DBDD5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun."
},
{
"lang": "es",
"value": "Sympa versiones anteriores a 6.2.59b.2, permite a atacantes remotos conseguir acceso completo a la API SOAP mediante el env\u00edo de cualquier cadena arbitraria (excepto una desde una cookie caducada) como el valor de la cookie para authenticateAndRun."
}
],
"id": "CVE-2020-29668",
"lastModified": "2024-11-21T05:24:24.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-10T08:15:11.410",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/1041"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/pull/1044"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/1041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/pull/1044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
},
{
"lang": "en",
"value": "CWE-565"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-26932
Vulnerability from fkie_nvd - Published: 2020-10-10 18:15 - Updated: 2024-11-21 05:20
Severity ?
Summary
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.debian.org/971904 | Vendor Advisory | |
| cve@mitre.org | https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1 | Mailing List, Vendor Advisory | |
| cve@mitre.org | https://www.debian.org/security/2020/dsa-4818 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/971904 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2020/dsa-4818 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sympa | sympa | * | |
| debian | debian_linux | - | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6E68FA-23F9-44F6-A93A-A8BE6B6CCDEE",
"versionEndExcluding": "6.2.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5920923E-0D52-44E5-801D-10B82846ED58",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)"
},
{
"lang": "es",
"value": "debian/sympa.postinst para el paquete Debian Sympa versiones anteriores a 6.2.40~dfsg-7, usa el modo 4755 para sympa_newaliases-wrapper, mientras que los permisos previstos est\u00e1n en el modo 4750 (para el acceso del grupo sympa)"
}
],
"id": "CVE-2020-26932",
"lastModified": "2024-11-21T05:20:31.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-10T18:15:12.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.debian.org/971904"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.debian.org/971904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-26880
Vulnerability from fkie_nvd - Published: 2020-10-07 18:15 - Updated: 2024-11-21 05:20
Severity ?
Summary
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sympa | sympa | * | |
| sympa | sympa | 6.2.57 (beta1) | |
| sympa | sympa | 6.2.57 (beta2) | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "371839E1-FA43-4288-9396-414A8D4E3A8B",
"versionEndIncluding": "6.2.56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.2.57:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2038196F-EF30-49EF-8D4D-CFB0F3F6D931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.2.57:beta2:*:*:*:*:*:*",
"matchCriteriaId": "A1737DC9-FCAF-4EB6-8480-6C99AE992A3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable."
},
{
"lang": "es",
"value": "Sympa versiones hasta 6.2.57b.2, permite una escalada de privilegios local desde la cuenta de usuario sympa hacia el acceso root completo mediante la modificaci\u00f3n del archivo de configuraci\u00f3n sympa.conf (que es propiedad de sympa) y analiz\u00e1ndolo por medio del ejecutable sympa_newaliases-wrapper de setuid"
}
],
"id": "CVE-2020-26880",
"lastModified": "2024-11-21T05:20:24.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-07T18:15:12.133",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/1009"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/1009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-10936
Vulnerability from fkie_nvd - Published: 2020-05-27 18:15 - Updated: 2024-11-21 04:56
Severity ?
Summary
Sympa before 6.2.56 allows privilege escalation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sympa | sympa | * | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 14.04 (ESM) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE88A56-36C3-4CB6-A727-947C0921972F",
"versionEndExcluding": "6.2.56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sympa before 6.2.56 allows privilege escalation."
},
{
"lang": "es",
"value": "Sympa versiones anteriores a la versi\u00f3n 6.2.56, permite una escalada de privilegios."
}
],
"id": "CVE-2020-10936",
"lastModified": "2024-11-21T04:56:24.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-27T18:15:12.813",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://sysdream.com/news/lab/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://sysdream.com/news/lab/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-9369
Vulnerability from fkie_nvd - Published: 2020-02-24 18:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sympa | sympa | * | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0CD227-C6CC-426C-B13E-A3BE86861467",
"versionEndIncluding": "6.2.52",
"versionStartIncluding": "6.2.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters."
},
{
"lang": "es",
"value": "Sympa versiones 6.2.38 hasta 6.2.52, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de disco de archivos temporales y una avalancha de notificaciones para listmasters) por medio de una serie de peticiones con par\u00e1metros malformados."
}
],
"id": "CVE-2020-9369",
"lastModified": "2024-11-21T05:40:29.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-24T18:15:22.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/886"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3FUYYLV6URRLAJVWXNJYK2CNOKKNHXC/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sympa-community.github.io/security/2020-001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3FUYYLV6URRLAJVWXNJYK2CNOKKNHXC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sympa-community.github.io/security/2020-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1000671
Vulnerability from fkie_nvd - Published: 2018-09-06 18:29 - Updated: 2024-11-21 03:40
Severity ?
Summary
Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. The attack appears to be exploitable when the victim's browser follows a URL supplied by the attacker. This vulnerability does not appear to have been fixed (no fixed version is listed).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sympa | sympa | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85B56B5F-A52F-4E46-B3DD-5AFE371FBD0B",
"versionStartIncluding": "6.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in The \"referer\" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim\u0027s browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available."
},
{
"lang": "es",
"value": "sympa en versiones 6.2.16 y posteriores contiene una vulnerabilidad de redirecci\u00f3n por URL a un sitio no fiable (CWE-601) en el par\u00e1metro \"referer\" de la acci\u00f3n de inicio de sesi\u00f3n en wwsympa.fcgi. Esto puede resultar en una redirecci\u00f3n abierta y Cross-Site Scripting (XSS) reflejado mediante URI de datos. El ataque parece ser explotable si el navegador de la v\u00edctima sigue una URL proporcionada por el atacante. La vulnerabilidad no parece haber sido solucionada."
}
],
"id": "CVE-2018-1000671",
"lastModified": "2024-11-21T03:40:22.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-06T18:29:00.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/268"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sympa-community/sympa/issues/268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4442-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1000550
Vulnerability from fkie_nvd - Published: 2018-06-26 16:29 - Updated: 2024-11-21 03:40
Severity ?
Summary
Sympa Community Sympa versions prior to 6.2.32 contain a directory traversal vulnerability in the wwsympa.fcgi template editing function that can result in the creation or modification of files on the server filesystem. The attack appears to be exploitable via HTTP GET/POST requests. The vulnerability appears to have been fixed in 6.2.32.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sympa | sympa | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07EC5CDC-0639-41D4-A71B-AC788EFCC8C9",
"versionEndExcluding": "6.2.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32."
},
{
"lang": "es",
"value": "Sympa de Sympa Community, en versiones anteriores a la 6.2.32, contiene una vulnerabilidad de salto de directorio en la funci\u00f3n de edici\u00f3n de plantillas de wwsympa.fcgi que puede generar la posibilidad de crear o modificar archivos en el sistema de archivos del servidor. Parece ser que este ataque puede ser explotado mediante una petici\u00f3n HTTP GET/POST. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 6.2.32."
}
],
"id": "CVE-2018-1000550",
"lastModified": "2024-11-21T03:40:10.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-26T16:29:02.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sympa-community.github.io/security/2018-001.html"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2018/dsa-4285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://sympa-community.github.io/security/2018-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2018/dsa-4285"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1306
Vulnerability from fkie_nvd - Published: 2015-01-22 15:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sympa | sympa | 6.0.0 | |
| sympa | sympa | 6.0.1 | |
| sympa | sympa | 6.0.2 | |
| sympa | sympa | 6.0.3 | |
| sympa | sympa | 6.0.4 | |
| sympa | sympa | 6.0.5 | |
| sympa | sympa | 6.0.6 | |
| sympa | sympa | 6.0.7 | |
| sympa | sympa | 6.0.8 | |
| sympa | sympa | 6.0.9 | |
| sympa | sympa | 6.1.0 | |
| sympa | sympa | 6.1.1 | |
| sympa | sympa | 6.1.2 | |
| sympa | sympa | 6.1.3 | |
| sympa | sympa | 6.1.4 | |
| sympa | sympa | 6.1.5 | |
| sympa | sympa | 6.1.6 | |
| sympa | sympa | 6.1.7 | |
| sympa | sympa | 6.1.8 | |
| sympa | sympa | 6.1.9 | |
| sympa | sympa | 6.1.10 | |
| sympa | sympa | 6.1.11 | |
| sympa | sympa | 6.1.12 | |
| sympa | sympa | 6.1.13 | |
| sympa | sympa | 6.1.14 | |
| sympa | sympa | 6.1.15 | |
| sympa | sympa | 6.1.16 | |
| sympa | sympa | 6.1.17 | |
| sympa | sympa | 6.1.18 | |
| sympa | sympa | 6.1.19 | |
| sympa | sympa | 6.1.20 | |
| sympa | sympa | 6.1.21 | |
| sympa | sympa | 6.1.22 | |
| sympa | sympa | 6.1.23 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4BF564-2AE0-4DCE-B331-873E8480C965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BB62E4-8207-4344-87CE-FB916E7ECA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "304DCEDD-661D-400A-94AB-B0DB20843327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05707525-5CD4-49DA-B137-D6F3F793BB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1AF942-E11C-4FF2-863E-E1C47D76D485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "01016580-A947-4DE4-9033-4697CE9AF12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F00F31-CA66-43E8-8FE8-3DE0AC483C6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "551375FB-45DB-4CC1-BDFC-E95F2795B6E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "73C4A58F-D1D0-4F90-9A67-DB72B10347F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7F5FF29A-5032-4AB4-B5BF-750B384A3253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A7F6F1-04A0-43CA-98F8-48F5511DFA89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3806CA-EFF4-4DC1-827D-D720155231FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D74B084-02D3-4410-85BA-9C624A29BFC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81F89FD3-5FF5-498A-8909-E31D62AB42B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7F80BB-388F-41A7-BCD2-46EA20DC2E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CB2B7F-325F-489D-98DF-89D2173EF676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4C251761-00A7-4C37-A9DC-E34F4BC40208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "76A7EE36-064D-4498-AC81-349CE832C03A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0560EDE9-268B-45F0-A3F0-88781EA52A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "38AD95A8-6074-43ED-806F-E1512A4ED2D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DED874B0-E182-455C-BED7-E15751DA4148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5C89CA1F-4352-45C2-B8AE-7C18EB5A4145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8C52EAD2-7F18-4431-AF5B-05BE52D5E2DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "5BB42670-39BD-4AEC-BF49-EBD4AD75404A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "FAAFD5F8-2656-4944-A359-8163CBD58181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4E139BC3-D07E-42A2-B2D8-39143F3DFACC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8BCBDA07-5C4E-4584-A2FB-D681CBD4F52F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CA67608D-8D20-4A72-83F8-A28032C3C840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "A1EA5703-FF75-497D-8F88-8BD98A48FF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2C2D97-7439-4A3D-B9AE-C6990D78FAB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "20F272D3-3486-41B5-BB33-92C5ABE9B3B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "E7A420CA-4F90-4CCF-BF0A-6AC14041E659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF29DFE-7741-4BEA-8BA4-CE07D435E2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "7D034E88-50F5-469F-BEF2-AC25C43FDDB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors."
},
{
"lang": "es",
"value": "El \u00e1rea de anuncios (newsletter) en la interfaz web en Sympa 6.0.x anterior a 6.0.10 y 6.1.x anterior a 6.1.24 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-1306",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-22T15:59:00.140",
"references": [
{
"source": "security@debian.org",
"url": "http://advisories.mageia.org/MGASA-2015-0085.html"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/62387"
},
{
"source": "security@debian.org",
"url": "http://secunia.com/advisories/62442"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2015/dsa-3134"
},
{
"source": "security@debian.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"
},
{
"source": "security@debian.org",
"url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"
},
{
"source": "security@debian.org",
"url": "http://www.securityfocus.com/bid/72277"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.sympa.org/security_advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://advisories.mageia.org/MGASA-2015-0085.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.sympa.org/security_advisories"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2352
Vulnerability from fkie_nvd - Published: 2012-05-31 17:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C17B27AC-23E2-434F-9BB7-18AF15939944",
"versionEndIncluding": "6.1.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:0.001:*:*:*:*:*:*:*",
"matchCriteriaId": "F3208BF5-1B63-4953-8802-7426C8F80AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:0.002:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E6B4F7-D4FA-4318-8759-A1A02A4A0C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:0.003:*:*:*:*:*:*:*",
"matchCriteriaId": "96D2C734-A49E-493E-B5C2-91088F2D85CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:0.004:*:*:*:*:*:*:*",
"matchCriteriaId": "56E0BD7B-42BE-480C-9262-CEBCFBB986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:0.005:*:*:*:*:*:*:*",
"matchCriteriaId": "5D4B3903-6668-4506-A781-0A9D9B8BF28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:0.006:*:*:*:*:*:*:*",
"matchCriteriaId": "90ED75CB-779F-48F2-BA15-75D63B0D3096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:0.007:*:*:*:*:*:*:*",
"matchCriteriaId": "D3F1B140-62B0-473A-B6B1-17B4F617D89C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:0.008:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1E43F5-532C-4A83-84AA-AF9126CE2CF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:0.009:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2BDA2D-43B8-4D2A-8DE4-4C77AAF97947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:0.010:*:*:*:*:*:*:*",
"matchCriteriaId": "724A3C0A-9BC2-4AA6-AE96-F8C55FC48849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:0.011:*:*:*:*:*:*:*",
"matchCriteriaId": "1E68DF4F-2128-4C94-8E22-CD7211516348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C9A23B-C8AF-49D9-9903-7DE02BFDD67D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "029358EB-0364-4D97-B829-85119DFA52BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "074D0A2E-F47E-4F33-A6B7-113AB7F06A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2885638-1FA3-4999-8E41-9D2AD3C05A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C31299BE-61F5-4908-B2C1-47292E980329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.3.1-2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C420CC8-44C1-4802-8A95-E600B9AB7081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47B1A3C1-8620-4606-A82E-B711DB5BC73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E6A6F6-2879-4AC3-AEBB-0A0FE1C809EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EC66B684-8ECB-41AA-B5F9-2B3F8C099C3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.3.4-1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CEC4E75-F8F2-4BCA-9743-7FB0B62C2CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86ED13ED-1C4A-4A96-9CBC-1CBD37D3C9E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6614D477-FAFA-40DB-AB50-988C9C32C144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8A8E19-79A6-4F66-8156-B18128E30D95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.4.2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "813952B1-A3EF-4BDD-9D60-60400ADC2F12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F5C84691-7FC4-4AB4-9347-CBD35FF4DAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.2.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "CA008F46-8282-45C5-9098-4E5AC4EEA9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.2.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "CB906126-2D66-4148-8F96-DA50CE6998C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.2.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "677ED6AF-066D-40B6-835D-6278BC7B417B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "69588B6A-CA26-4AF5-8D58-811EF810886C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "32269B73-089E-43FA-8685-E6FF186C5EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8160B236-0410-4789-9B02-4B8128BC791B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "55FACF98-3A75-4428-B761-05C67183367E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4AFACC-511E-4022-902C-ECCEE24AC292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.3:beta:*:*:*:*:*:*",
"matchCriteriaId": "25E2CF09-112D-43B5-A556-DC21FA59BC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5690073-7AA6-4CC1-A4E1-34AB6236061F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49569B6B-F42F-4C11-84EF-90B29E70AD99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0031C064-F2A5-42D3-8926-C78618862B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "457C43C9-D11D-4403-89C8-2231A83FD696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "59CFB558-6C22-45A8-B902-641B5EE699CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B12ECDA-0392-4A96-B3C7-5449131A4454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0A5B0A99-4439-4EAD-B5F0-02BE4C0CCC26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F68DE2B2-F6BA-4286-A1D9-C03F54EDB784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA964AEF-5B79-49A2-922D-2EEDD8FBCC74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.5.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "12232649-60D4-413B-83A6-BF50767ECE65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.5.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "1659E3A0-BC47-4510-A533-F12EA8E95574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D5573757-2E17-4B2D-8F83-415A0CBC2231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9277362E-954C-45CA-8FD3-FCB6DF81D9D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8BBCDF02-2F13-4900-A449-0F624094A8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B3F8C0-9A20-4A68-B3D7-24188588B8D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8D995E-3634-4D70-84F9-D3626267C47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63EC9E16-1BF1-4999-B10E-3F3E36069560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "122E99D7-7C43-4E84-A00C-640A827373C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.7b.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D35E600-9CD2-49C5-915C-BF3CA783DFAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.7b.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2744A6B5-8BC1-45B4-8693-1FDB4FA129B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:2.7b.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7813C195-3774-423F-A516-F7A9EE088AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CDE8A4-792B-4D2E-A722-4404D1EC73A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9AC9AE-1D8D-4979-B01D-DC2C4CF2B346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.0a.1:*:*:*:*:*:*:*",
"matchCriteriaId": "826A12E1-8CEB-4C4C-98A6-BE7983532CB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.0b.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2DBC7E6D-12E0-404F-95CA-6ED534B1988C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.0b.8:*:*:*:*:*:*:*",
"matchCriteriaId": "ED42E06D-A2A7-4A4D-9F04-C64218F136B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.0b.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7D438CB2-B956-46FA-9B8C-A8D88CE4B2C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7614757-F106-4EEF-8086-00B9D4C813CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A51FCAC6-A1BE-45B6-8319-43ACA7E761A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.1b.7:*:*:*:*:*:*:*",
"matchCriteriaId": "534B15A7-1047-4AD1-B4DD-E3D22925CC72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.1b.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EE21D81C-245A-494D-A38E-5DD3D40266BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.1b.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E77134DA-7D36-44D2-B9E5-20CCD0F5B9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.1b.10:*:*:*:*:*:*:*",
"matchCriteriaId": "429D2C09-CBBA-45AE-A588-24978052E9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.1b.12:*:*:*:*:*:*:*",
"matchCriteriaId": "70919A0E-E97E-408C-8369-0C484D66BA2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.1b.13:*:*:*:*:*:*:*",
"matchCriteriaId": "910EC1FB-C86D-4082-AEE3-816918AFE059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8AEF83-C528-47F6-AB5A-EE220F248E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00735DD5-28EB-471E-A752-58758A0DB0C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.2.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "2948FC69-B3AF-48AE-A752-5E85D55EE0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75180EC6-7333-439E-8349-07E0B7985EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08C5B74E-A70C-415F-9158-FD777030C0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD97291-4C62-465F-8DDB-BD9AB1818C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.4b.3:*:*:*:*:*:*:*",
"matchCriteriaId": "07D1AE25-96D2-4BDE-A1A8-21BE5442A6D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.4b.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AEBC95C6-910E-4F44-9255-4EA439688EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.4b.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D2C5394-51B5-4068-8C92-681B6CB5D3C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.4b.6:*:*:*:*:*:*:*",
"matchCriteriaId": "98AD402F-3EEB-491D-9CD8-E18C55D016BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.4b.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8DE4F5-86AA-41E5-8058-F59A1D25CEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.4b.8:*:*:*:*:*:*:*",
"matchCriteriaId": "72DC6557-D9BF-47B0-BC67-F6EAC89974B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.4b.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B73FAEE4-E1A2-4D71-B8A9-37981D26920A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1891AE-B74E-47E1-B3E8-024E28CA1632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.6b.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12943A0D-5E1E-4842-AD2E-4CE7E2F94640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.6b.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B06E726D-1C76-4E4D-886A-F1763097EBC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.6b.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52242171-94E3-4D63-AE73-9BD2F37EECE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.6b.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA439B9D-928C-44BE-BCF5-5D1503979605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.6b.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9776D60D-91F2-4562-AE83-DD695D62016F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3.6b.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF05F122-E643-4648-B464-F2A542A59293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3b.3:*:*:*:*:*:*:*",
"matchCriteriaId": "50B681F5-94E5-4185-9F6D-AD0762B1A690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.3b.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8E341C-F4A5-415B-B7C2-81AF7FB0A986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F961F141-5B14-4AB2-BEAE-5F0341DFCBBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.0.a1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA40B80D-DBAC-49C7-8AB5-918CD2DB0C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.0.a3:*:*:*:*:*:*:*",
"matchCriteriaId": "C621BCEE-887A-4B1B-A048-D3636B9EFFD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.0.a4:*:*:*:*:*:*:*",
"matchCriteriaId": "947C74D5-BDD5-4529-AE6A-522CD8903BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.0.a5:*:*:*:*:*:*:*",
"matchCriteriaId": "70FDCE81-C624-425C-B678-935416D5D183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.0.a6:*:*:*:*:*:*:*",
"matchCriteriaId": "509E103D-7D66-4C71-883F-87BFB9134947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.0.a7:*:*:*:*:*:*:*",
"matchCriteriaId": "A46EB3D7-6926-486A-B731-27887F58CF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.0.a8:*:*:*:*:*:*:*",
"matchCriteriaId": "52551262-2531-430C-A2B9-51F42FCA8FCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.0.a9:*:*:*:*:*:*:*",
"matchCriteriaId": "18762458-1469-45F0-B9F2-701602A76C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.0.b1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD593FAE-71B9-4C04-B183-2A3083FDA276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.0.b2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6494CE-0E9D-4B56-A09F-C3080B6F6974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.0.b3:*:*:*:*:*:*:*",
"matchCriteriaId": "65583ADB-CB47-4E8B-83C1-5AC24A0A5076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6C16EFE-0F19-4082-8A0A-B8EAD35C2D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.2b.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB797E2-74B9-4EDE-A61A-BAEEF7104660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:4.2b.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0B8BCB-0CA5-48AB-AEDE-DFA56E267B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36476C74-E8EC-46B1-A044-1D4EB939795C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "2C566DEF-E3C0-4FB5-BFB6-D243DAA84DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.0a.1:*:*:*:*:*:*:*",
"matchCriteriaId": "511F87A0-B85D-479E-9BD9-3A301F7E0F15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "691C2460-35EF-4E25-A75E-0DBAF0C47B82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.0b.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B952E38-C0CA-4411-952B-40D53F5E377B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6997C75-36E1-41BE-BF29-1A2929917995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB6A0762-9D17-4591-9C35-0FE241B0E11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C62FDF7-898B-4492-9640-40939436CA8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "9049087A-4A1C-4538-AA88-F3AFA0134B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.2b2:*:*:*:*:*:*:*",
"matchCriteriaId": "9ADAB39A-CEF6-427F-AFF3-7D1A22B6B9A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5947A7FF-4397-4CEB-ABF6-0543FACAC891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24FEA9D2-D8DB-45ED-B1EA-810439C110E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.3a.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3235F808-1AB4-484E-AD27-7A7D3419B664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.3a.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCB5592-4C54-466C-945A-393CF8F7C058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.3a.10:*:*:*:*:*:*:*",
"matchCriteriaId": "26B4AAE7-3B2A-4977-AA9E-8D7201E0154F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.3b.1:*:*:*:*:*:*:*",
"matchCriteriaId": "42B7F70E-95E8-4604-A53A-514AC110E604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.3b.3:*:*:*:*:*:*:*",
"matchCriteriaId": "43536723-E89C-4BC6-AD3E-88B614A53D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.3b.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F7A2F899-15C0-4260-979F-6989056F3A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.3b.5:*:*:*:*:*:*:*",
"matchCriteriaId": "01A3B273-D793-4F97-B1C1-96DE8B7F6E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "52082B40-C619-4389-9403-6DF6610AB721",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C9982EC-F4E7-4154-90CE-A5744B3AF034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "484B19A0-06CB-4820-AD58-540657C475E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BA761279-C483-4C2E-9A9A-EE07E152277C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.4a.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B9C45A-21C1-4CA6-B65D-730D35070DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.4a.4:*:*:*:*:*:*:*",
"matchCriteriaId": "10022D33-92E5-4F27-A98A-8EE68AF39E2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:5.4b.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A874DDD-ECC0-478C-8029-198B1109215B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D3308CE8-847C-4D6B-BCFC-B860B7D9EAFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BB62E4-8207-4344-87CE-FB916E7ECA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "304DCEDD-661D-400A-94AB-B0DB20843327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "05707525-5CD4-49DA-B137-D6F3F793BB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1AF942-E11C-4FF2-863E-E1C47D76D485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "01016580-A947-4DE4-9033-4697CE9AF12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F00F31-CA66-43E8-8FE8-3DE0AC483C6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0b.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F60DB8C7-6D44-480B-A0F3-B7A6220F7F78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0b.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA32E7A9-896E-4D13-A56E-6E463179F464",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0b.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F43DDD64-605C-4783-A22D-F6B2C1526C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.0b.4:*:*:*:*:*:*:*",
"matchCriteriaId": "67484472-F2A7-4C78-A7DD-25A267E9BFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE3806CA-EFF4-4DC1-827D-D720155231FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D74B084-02D3-4410-85BA-9C624A29BFC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "81F89FD3-5FF5-498A-8909-E31D62AB42B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7F80BB-388F-41A7-BCD2-46EA20DC2E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CB2B7F-325F-489D-98DF-89D2173EF676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4C251761-00A7-4C37-A9DC-E34F4BC40208",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "76A7EE36-064D-4498-AC81-349CE832C03A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0560EDE9-268B-45F0-A3F0-88781EA52A7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "38AD95A8-6074-43ED-806F-E1512A4ED2D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1b.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9398726E-FE63-4A0E-A86C-E5332DA9E1CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1b.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7D539B3E-7CE5-4823-93AE-47319B5DA191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1b.3:*:*:*:*:*:*:*",
"matchCriteriaId": "40858C6C-7053-4CF0-9054-E23EB77E19E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1b.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3B668EDE-876B-43B7-B345-C0617B4FBEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sympa:sympa:6.1b.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8B7497-7A1E-438B-820B-D24A9E2DA9CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions."
},
{
"lang": "es",
"value": "La p\u00e1gina de gesti\u00f3n de archivos (arc_manage) en wwsympa/wwsympa.fcgi.in en Sympa antes del v6.1.11 no comprueba los permisos, lo que permite a atacantes remotos listar, leer y borrar archivos de lista de su elecci\u00f3n a trav\u00e9s de vectores relacionados con las funciones (1) do_arc_manage, (2) do_arc_download, o (3) do_arc_delete."
}
],
"id": "CVE-2012-2352",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-31T17:55:04.887",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49045"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49237"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2477"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/8"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/8"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/81890"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/53503"
},
{
"source": "secalert@redhat.com",
"url": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa\u0026r1=6706\u0026r2=7358\u0026pathrev=7358"
},
{
"source": "secalert@redhat.com",
"url": "https://www.sympa.org/distribution/latest-stable/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/81890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa\u0026r1=6706\u0026r2=7358\u0026pathrev=7358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.sympa.org/distribution/latest-stable/NEWS"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-46900 (GCVE-0-2021-46900)
Vulnerability from cvelistv5 – Published: 2023-12-31 00:00 – Updated: 2025-04-17 19:53
Summary
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.
Severity
7.5 (High)
CWE
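- n/a in the CNA record; the CISA-ADP container in the JSON below assigns CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)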
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sympa.community/security/2021-001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/1091"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-05T18:52:22.884660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T19:53:17.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T04:25:34.516Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sympa.community/security/2021-001.html"
},
{
"url": "https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md"
},
{
"url": "https://github.com/sympa-community/sympa/issues/1091"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46900",
"datePublished": "2023-12-31T00:00:00.000Z",
"dateReserved": "2023-12-31T00:00:00.000Z",
"dateUpdated": "2025-04-17T19:53:17.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29668 (GCVE-0-2020-29668)
Vulnerability from cvelistv5 – Published: 2020-12-10 07:53 – Updated: 2024-08-04 16:55
Summary
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/1041"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/pull/1044"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020"
},
{
"name": "[debian-lts-announce] 20201217 [SECURITY] [DLA 2499-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
},
{
"name": "FEDORA-2021-a5570c5281",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/"
},
{
"name": "FEDORA-2021-11cb6626e2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T03:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/1041"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/pull/1044"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020"
},
{
"name": "[debian-lts-announce] 20201217 [SECURITY] [DLA 2499-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
},
{
"name": "FEDORA-2021-a5570c5281",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/"
},
{
"name": "FEDORA-2021-11cb6626e2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sympa-community/sympa/issues/1041",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/1041"
},
{
"name": "https://github.com/sympa-community/sympa/pull/1044",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/pull/1044"
},
{
"name": "https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020"
},
{
"name": "[debian-lts-announce] 20201217 [SECURITY] [DLA 2499-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html"
},
{
"name": "DSA-4818",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4818"
},
{
"name": "FEDORA-2021-a5570c5281",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/"
},
{
"name": "FEDORA-2021-11cb6626e2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29668",
"datePublished": "2020-12-10T07:53:33",
"dateReserved": "2020-12-10T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26932 (GCVE-0-2020-26932)
Vulnerability from cvelistv5 – Published: 2020-10-10 17:57 – Updated: 2024-08-04 16:03
Summary
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:22.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/971904"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-24T11:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/971904"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/971904",
"refsource": "MISC",
"url": "https://bugs.debian.org/971904"
},
{
"name": "https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1",
"refsource": "MISC",
"url": "https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1"
},
{
"name": "DSA-4818",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26932",
"datePublished": "2020-10-10T17:57:23",
"dateReserved": "2020-10-10T00:00:00",
"dateUpdated": "2024-08-04T16:03:22.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26880 (GCVE-0-2020-26880)
Vulnerability from cvelistv5 – Published: 2020-10-07 17:33 – Updated: 2024-08-04 16:03
Summary
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:22.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/1009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
},
{
"name": "FEDORA-2021-a309986711",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/"
},
{
"name": "FEDORA-2021-af8fa074ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/"
},
{
"name": "FEDORA-2021-aa993dd633",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-09T02:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/1009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
},
{
"name": "FEDORA-2021-a309986711",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/"
},
{
"name": "FEDORA-2021-af8fa074ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/"
},
{
"name": "FEDORA-2021-aa993dd633",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sympa-community/sympa/issues/1009",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/1009"
},
{
"name": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420"
},
{
"name": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
},
{
"name": "FEDORA-2021-a309986711",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/"
},
{
"name": "FEDORA-2021-af8fa074ad",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/"
},
{
"name": "FEDORA-2021-aa993dd633",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26880",
"datePublished": "2020-10-07T17:33:49",
"dateReserved": "2020-10-07T00:00:00",
"dateUpdated": "2024-08-04T16:03:22.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10936 (GCVE-0-2020-10936)
Vulnerability from cvelistv5 – Published: 2020-05-27 17:38 – Updated: 2024-08-04 11:21
Summary
Sympa before 6.2.56 allows privilege escalation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
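| URL | Tags |
|---|---|
| https://sysdream.com/news/lab/ | x_refsource_MISC |
| https://github.com/sympa-community/sympa/releases | x_refsource_MISC |
| https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/ | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/ | vendor-advisory, x_refsource_FEDORA |
| https://usn.ubuntu.com/4442-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html | mailing-list, x_refsource_MLIST |
| https://www.debian.org/security/2020/dsa-4818 | vendor-advisory, x_refsource_DEBIAN |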
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:12.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sysdream.com/news/lab/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/"
},
{
"name": "FEDORA-2020-9b6c969aac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/"
},
{
"name": "FEDORA-2020-d767d9077b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2401-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sympa before 6.2.56 allows privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-24T11:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sysdream.com/news/lab/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/"
},
{
"name": "FEDORA-2020-9b6c969aac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/"
},
{
"name": "FEDORA-2020-d767d9077b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2401-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sympa before 6.2.56 allows privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sysdream.com/news/lab/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/"
},
{
"name": "https://github.com/sympa-community/sympa/releases",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/releases"
},
{
"name": "https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/"
},
{
"name": "FEDORA-2020-9b6c969aac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/"
},
{
"name": "FEDORA-2020-d767d9077b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/"
},
{
"name": "USN-4442-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2401-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html"
},
{
"name": "DSA-4818",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10936",
"datePublished": "2020-05-27T17:38:01",
"dateReserved": "2020-03-24T00:00:00",
"dateUpdated": "2024-08-04T11:21:12.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9369 (GCVE-0-2020-9369)
Vulnerability from cvelistv5 – Published: 2020-02-24 17:25 – Updated: 2024-08-04 10:26
Summary
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
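| URL | Tags |
|---|---|
| https://sympa-community.github.io/security/2020-001.html | x_refsource_MISC |
| https://github.com/sympa-community/sympa/issues/886 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3FUYYLV6URRLAJVWXNJYK2CNOKKNHXC/ | vendor-advisory, x_refsource_FEDORA |
| https://www.debian.org/security/2020/dsa-4818 | vendor-advisory, x_refsource_DEBIAN |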
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sympa-community.github.io/security/2020-001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/886"
},
{
"name": "FEDORA-2020-79516cb689",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/"
},
{
"name": "FEDORA-2020-bb5aa250c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/"
},
{
"name": "FEDORA-2020-8f7dcb7d00",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3FUYYLV6URRLAJVWXNJYK2CNOKKNHXC/"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-24T11:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sympa-community.github.io/security/2020-001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/886"
},
{
"name": "FEDORA-2020-79516cb689",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/"
},
{
"name": "FEDORA-2020-bb5aa250c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/"
},
{
"name": "FEDORA-2020-8f7dcb7d00",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3FUYYLV6URRLAJVWXNJYK2CNOKKNHXC/"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sympa-community.github.io/security/2020-001.html",
"refsource": "MISC",
"url": "https://sympa-community.github.io/security/2020-001.html"
},
{
"name": "https://github.com/sympa-community/sympa/issues/886",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/886"
},
{
"name": "FEDORA-2020-79516cb689",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/"
},
{
"name": "FEDORA-2020-bb5aa250c9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/"
},
{
"name": "FEDORA-2020-8f7dcb7d00",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3FUYYLV6URRLAJVWXNJYK2CNOKKNHXC/"
},
{
"name": "DSA-4818",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9369",
"datePublished": "2020-02-24T17:25:39",
"dateReserved": "2020-02-24T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000671 (GCVE-0-2018-1000671)
Vulnerability from cvelistv5 – Published: 2018-09-06 18:00 – Updated: 2024-08-05 12:40
Summary
Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be exploitable when the victim's browser follows a URL supplied by the attacker. The record names no fixed version ("none available").
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
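| URL | Tags |
|---|---|
| https://github.com/sympa-community/sympa/issues/268 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4442-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html | mailing-list, x_refsource_MLIST |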
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/268"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1512-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-09-03T00:00:00",
"datePublic": "2018-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in The \"referer\" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim\u0027s browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-09T14:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/268"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1512-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-09-03T16:07:16.981347",
"DATE_REQUESTED": "2018-08-26T16:04:53",
"ID": "CVE-2018-1000671",
"REQUESTER": "john@nixnuts.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in The \"referer\" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim\u0027s browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sympa-community/sympa/issues/268",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/268"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1512-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html"
},
{
"name": "USN-4442-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000671",
"datePublished": "2018-09-06T18:00:00",
"dateReserved": "2018-08-26T00:00:00",
"dateUpdated": "2024-08-05T12:40:47.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000550 (GCVE-0-2018-1000550)
Vulnerability from cvelistv5 – Published: 2018-06-26 16:00 – Updated: 2024-08-05 12:40
Summary
Sympa (Sympa Community) versions prior to 6.2.32 contain a directory traversal vulnerability in the template editing function of wwsympa.fcgi that can result in files being created or modified on the server filesystem. This attack appears to be exploitable via HTTP GET/POST requests. This vulnerability appears to have been fixed in 6.2.32.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
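| URL | Tags |
|---|---|
| https://sympa-community.github.io/security/2018-001.html | x_refsource_MISC |
| https://www.debian.org/security/2018/dsa-4285 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4442-1/ | vendor-advisory, x_refsource_UBUNTU |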
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sympa-community.github.io/security/2018-001.html"
},
{
"name": "DSA-4285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4285"
},
{
"name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4442-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-06-23T00:00:00",
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T20:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sympa-community.github.io/security/2018-001.html"
},
{
"name": "DSA-4285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4285"
},
{
"name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4442-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-23T11:22:33.073045",
"DATE_REQUESTED": "2018-04-19T15:27:54",
"ID": "CVE-2018-1000550",
"REQUESTER": "ikeda@conversion.co.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sympa-community.github.io/security/2018-001.html",
"refsource": "MISC",
"url": "https://sympa-community.github.io/security/2018-001.html"
},
{
"name": "DSA-4285",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4285"
},
{
"name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1441-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html"
},
{
"name": "USN-4442-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4442-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000550",
"datePublished": "2018-06-26T16:00:00",
"dateReserved": "2018-04-19T00:00:00",
"dateUpdated": "2024-08-05T12:40:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1306 (GCVE-0-2015-1306)
Vulnerability from cvelistv5 – Published: 2015-01-22 15:00 – Updated: 2024-08-06 04:40
Summary
The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
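| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:051 | vendor-advisory, x_refsource_MANDRIVA |
| http://www.openwall.com/lists/oss-security/2015/01/20/4 | mailing-list, x_refsource_MLIST |
| https://www.sympa.org/security_advisories | x_refsource_CONFIRM |
| http://secunia.com/advisories/62387 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/72277 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/62442 | third-party-advisory, x_refsource_SECUNIA |
| http://advisories.mageia.org/MGASA-2015-0085.html | x_refsource_CONFIRM |
| http://www.debian.org/security/2015/dsa-3134 | vendor-advisory, x_refsource_DEBIAN |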
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:051",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"
},
{
"name": "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sympa.org/security_advisories"
},
{
"name": "62387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62387"
},
{
"name": "72277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72277"
},
{
"name": "62442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0085.html"
},
{
"name": "DSA-3134",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-19T15:57:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "MDVSA-2015:051",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"
},
{
"name": "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sympa.org/security_advisories"
},
{
"name": "62387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62387"
},
{
"name": "72277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72277"
},
{
"name": "62442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0085.html"
},
{
"name": "DSA-3134",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-1306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:051",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"
},
{
"name": "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"
},
{
"name": "https://www.sympa.org/security_advisories",
"refsource": "CONFIRM",
"url": "https://www.sympa.org/security_advisories"
},
{
"name": "62387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62387"
},
{
"name": "72277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72277"
},
{
"name": "62442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62442"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0085.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0085.html"
},
{
"name": "DSA-3134",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-1306",
"datePublished": "2015-01-22T15:00:00",
"dateReserved": "2015-01-22T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2352 (GCVE-0-2012-2352)
Vulnerability from cvelistv5 – Published: 2012-05-31 17:00 – Updated: 2024-08-06 19:34
Summary
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa\u0026r1=6706\u0026r2=7358\u0026pathrev=7358"
},
{
"name": "DSA-2477",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2477"
},
{
"name": "[oss-security] 20120512 Re: CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/8"
},
{
"name": "53503",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53503"
},
{
"name": "[oss-security] 20120511 CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/8"
},
{
"name": "[oss-security] 20120511 Re: CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/2"
},
{
"name": "81890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/81890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sympa.org/distribution/latest-stable/NEWS"
},
{
"name": "49045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49045"
},
{
"name": "49237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-13T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa\u0026r1=6706\u0026r2=7358\u0026pathrev=7358"
},
{
"name": "DSA-2477",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2477"
},
{
"name": "[oss-security] 20120512 Re: CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/8"
},
{
"name": "53503",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53503"
},
{
"name": "[oss-security] 20120511 CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/8"
},
{
"name": "[oss-security] 20120511 Re: CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/2"
},
{
"name": "81890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/81890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sympa.org/distribution/latest-stable/NEWS"
},
{
"name": "49045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49045"
},
{
"name": "49237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa\u0026r1=6706\u0026r2=7358\u0026pathrev=7358",
"refsource": "CONFIRM",
"url": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa\u0026r1=6706\u0026r2=7358\u0026pathrev=7358"
},
{
"name": "DSA-2477",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2477"
},
{
"name": "[oss-security] 20120512 Re: CVE request: sympa (try again)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/8"
},
{
"name": "53503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53503"
},
{
"name": "[oss-security] 20120511 CVE request: sympa (try again)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/8"
},
{
"name": "[oss-security] 20120511 Re: CVE request: sympa (try again)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/2"
},
{
"name": "81890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81890"
},
{
"name": "https://www.sympa.org/distribution/latest-stable/NEWS",
"refsource": "CONFIRM",
"url": "https://www.sympa.org/distribution/latest-stable/NEWS"
},
{
"name": "49045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49045"
},
{
"name": "49237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2352",
"datePublished": "2012-05-31T17:00:00",
"dateReserved": "2012-04-19T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46900 (GCVE-0-2021-46900)
Vulnerability from nvd – Published: 2023-12-31 00:00 – Updated: 2025-04-17 19:53
Summary
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.
Severity ?
7.5 (High)
CWE
- n/a (CNA); CWE-327 Use of a Broken or Risky Cryptographic Algorithm (CISA ADP Vulnrichment)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sympa.community/security/2021-001.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/1091"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-05T18:52:22.884660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T19:53:17.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T04:25:34.516Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sympa.community/security/2021-001.html"
},
{
"url": "https://github.com/sympa-community/sympa-community.github.io/blob/master/security/2021-001.md"
},
{
"url": "https://github.com/sympa-community/sympa/issues/1091"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46900",
"datePublished": "2023-12-31T00:00:00.000Z",
"dateReserved": "2023-12-31T00:00:00.000Z",
"dateUpdated": "2025-04-17T19:53:17.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29668 (GCVE-0-2020-29668)
Vulnerability from nvd – Published: 2020-12-10 07:53 – Updated: 2024-08-04 16:55
Summary
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/1041"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/pull/1044"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020"
},
{
"name": "[debian-lts-announce] 20201217 [SECURITY] [DLA 2499-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
},
{
"name": "FEDORA-2021-a5570c5281",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/"
},
{
"name": "FEDORA-2021-11cb6626e2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-13T03:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/1041"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/pull/1044"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020"
},
{
"name": "[debian-lts-announce] 20201217 [SECURITY] [DLA 2499-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
},
{
"name": "FEDORA-2021-a5570c5281",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/"
},
{
"name": "FEDORA-2021-11cb6626e2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-29668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sympa-community/sympa/issues/1041",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/1041"
},
{
"name": "https://github.com/sympa-community/sympa/pull/1044",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/pull/1044"
},
{
"name": "https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/blob/6.2.59b.2/NEWS.md"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976020"
},
{
"name": "[debian-lts-announce] 20201217 [SECURITY] [DLA 2499-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00026.html"
},
{
"name": "DSA-4818",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4818"
},
{
"name": "FEDORA-2021-a5570c5281",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JICIHAJKKCZXJNIICUDYXGZFQCN6J4U6/"
},
{
"name": "FEDORA-2021-11cb6626e2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFZWDEKQFW3EH665OECDWIWM2MI7T53Y/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29668",
"datePublished": "2020-12-10T07:53:33",
"dateReserved": "2020-12-10T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26932 (GCVE-0-2020-26932)
Vulnerability from nvd – Published: 2020-10-10 17:57 – Updated: 2024-08-04 16:03
Summary
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:22.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/971904"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-24T11:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/971904"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/971904",
"refsource": "MISC",
"url": "https://bugs.debian.org/971904"
},
{
"name": "https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1",
"refsource": "MISC",
"url": "https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1"
},
{
"name": "DSA-4818",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26932",
"datePublished": "2020-10-10T17:57:23",
"dateReserved": "2020-10-10T00:00:00",
"dateUpdated": "2024-08-04T16:03:22.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26880 (GCVE-0-2020-26880)
Vulnerability from nvd – Published: 2020-10-07 17:33 – Updated: 2024-08-04 16:03
Summary
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:22.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/1009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
},
{
"name": "FEDORA-2021-a309986711",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/"
},
{
"name": "FEDORA-2021-af8fa074ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/"
},
{
"name": "FEDORA-2021-aa993dd633",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-09T02:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/1009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
},
{
"name": "FEDORA-2021-a309986711",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/"
},
{
"name": "FEDORA-2021-af8fa074ad",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/"
},
{
"name": "FEDORA-2021-aa993dd633",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sympa-community/sympa/issues/1009",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/1009"
},
{
"name": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420"
},
{
"name": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
},
{
"name": "FEDORA-2021-a309986711",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/"
},
{
"name": "FEDORA-2021-af8fa074ad",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/"
},
{
"name": "FEDORA-2021-aa993dd633",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26880",
"datePublished": "2020-10-07T17:33:49",
"dateReserved": "2020-10-07T00:00:00",
"dateUpdated": "2024-08-04T16:03:22.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10936 (GCVE-0-2020-10936)
Vulnerability from nvd – Published: 2020-05-27 17:38 – Updated: 2024-08-04 11:21
Summary
Sympa before 6.2.56 allows privilege escalation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:12.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sysdream.com/news/lab/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/releases"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/"
},
{
"name": "FEDORA-2020-9b6c969aac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/"
},
{
"name": "FEDORA-2020-d767d9077b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2401-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sympa before 6.2.56 allows privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-24T11:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sysdream.com/news/lab/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/releases"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/"
},
{
"name": "FEDORA-2020-9b6c969aac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/"
},
{
"name": "FEDORA-2020-d767d9077b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2401-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sympa before 6.2.56 allows privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sysdream.com/news/lab/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/"
},
{
"name": "https://github.com/sympa-community/sympa/releases",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/releases"
},
{
"name": "https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/"
},
{
"name": "FEDORA-2020-9b6c969aac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/"
},
{
"name": "FEDORA-2020-d767d9077b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/"
},
{
"name": "USN-4442-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2401-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html"
},
{
"name": "DSA-4818",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10936",
"datePublished": "2020-05-27T17:38:01",
"dateReserved": "2020-03-24T00:00:00",
"dateUpdated": "2024-08-04T11:21:12.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9369 (GCVE-0-2020-9369)
Vulnerability from nvd – Published: 2020-02-24 17:25 – Updated: 2024-08-04 10:26
Summary
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sympa-community.github.io/security/2020-001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/886"
},
{
"name": "FEDORA-2020-79516cb689",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/"
},
{
"name": "FEDORA-2020-bb5aa250c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/"
},
{
"name": "FEDORA-2020-8f7dcb7d00",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3FUYYLV6URRLAJVWXNJYK2CNOKKNHXC/"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-24T11:06:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sympa-community.github.io/security/2020-001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/886"
},
{
"name": "FEDORA-2020-79516cb689",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/"
},
{
"name": "FEDORA-2020-bb5aa250c9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/"
},
{
"name": "FEDORA-2020-8f7dcb7d00",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A3FUYYLV6URRLAJVWXNJYK2CNOKKNHXC/"
},
{
"name": "DSA-4818",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4818"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-9369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sympa-community.github.io/security/2020-001.html",
"refsource": "MISC",
"url": "https://sympa-community.github.io/security/2020-001.html"
},
{
"name": "https://github.com/sympa-community/sympa/issues/886",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/886"
},
{
"name": "FEDORA-2020-79516cb689",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO4WJYNNHWM7DUKCN4EWYYYPXZSOI7BQ/"
},
{
"name": "FEDORA-2020-bb5aa250c9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6TMVZ5LVYCCIHGEC7RQUMGUE7DJWUXN7/"
},
{
"name": "FEDORA-2020-8f7dcb7d00",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A3FUYYLV6URRLAJVWXNJYK2CNOKKNHXC/"
},
{
"name": "DSA-4818",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4818"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-9369",
"datePublished": "2020-02-24T17:25:39",
"dateReserved": "2020-02-24T00:00:00",
"dateUpdated": "2024-08-04T10:26:16.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000671 (GCVE-0-2018-1000671)
Vulnerability from nvd – Published: 2018-09-06 18:00 – Updated: 2024-08-05 12:40
Summary
Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. The attack appears to be exploitable when the victim's browser follows a URL supplied by the attacker. The record names no fixed version ("none available").
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sympa-community/sympa/issues/268"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1512-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-09-03T00:00:00",
"datePublic": "2018-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in The \"referer\" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim\u0027s browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-09T14:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sympa-community/sympa/issues/268"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1512-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-09-03T16:07:16.981347",
"DATE_REQUESTED": "2018-08-26T16:04:53",
"ID": "CVE-2018-1000671",
"REQUESTER": "john@nixnuts.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in The \"referer\" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim\u0027s browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sympa-community/sympa/issues/268",
"refsource": "MISC",
"url": "https://github.com/sympa-community/sympa/issues/268"
},
{
"name": "[debian-lts-announce] 20180921 [SECURITY] [DLA 1512-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html"
},
{
"name": "USN-4442-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4442-1/"
},
{
"name": "[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000671",
"datePublished": "2018-09-06T18:00:00",
"dateReserved": "2018-08-26T00:00:00",
"dateUpdated": "2024-08-05T12:40:47.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000550 (GCVE-0-2018-1000550)
Vulnerability from nvd – Published: 2018-06-26 16:00 – Updated: 2024-08-05 12:40
Summary
Sympa (Sympa Community) versions prior to 6.2.32 contain a directory traversal vulnerability in the wwsympa.fcgi template editing function that can allow files to be created or modified on the server filesystem. The attack appears to be exploitable via an HTTP GET/POST request. The vulnerability appears to have been fixed in 6.2.32.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sympa-community.github.io/security/2018-001.html"
},
{
"name": "DSA-4285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4285"
},
{
"name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4442-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-06-23T00:00:00",
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T20:06:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sympa-community.github.io/security/2018-001.html"
},
{
"name": "DSA-4285",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4285"
},
{
"name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1441-1] sympa security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html"
},
{
"name": "USN-4442-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4442-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-23T11:22:33.073045",
"DATE_REQUESTED": "2018-04-19T15:27:54",
"ID": "CVE-2018-1000550",
"REQUESTER": "ikeda@conversion.co.jp",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This vulnerability appears to have been fixed in 6.2.32."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sympa-community.github.io/security/2018-001.html",
"refsource": "MISC",
"url": "https://sympa-community.github.io/security/2018-001.html"
},
{
"name": "DSA-4285",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4285"
},
{
"name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1441-1] sympa security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html"
},
{
"name": "USN-4442-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4442-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000550",
"datePublished": "2018-06-26T16:00:00",
"dateReserved": "2018-04-19T00:00:00",
"dateUpdated": "2024-08-05T12:40:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1306 (GCVE-0-2015-1306)
Vulnerability from nvd – Published: 2015-01-22 15:00 – Updated: 2024-08-06 04:40
Summary
The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:051",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"
},
{
"name": "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sympa.org/security_advisories"
},
{
"name": "62387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62387"
},
{
"name": "72277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72277"
},
{
"name": "62442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0085.html"
},
{
"name": "DSA-3134",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-19T15:57:00",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "MDVSA-2015:051",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"
},
{
"name": "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sympa.org/security_advisories"
},
{
"name": "62387",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62387"
},
{
"name": "72277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72277"
},
{
"name": "62442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0085.html"
},
{
"name": "DSA-3134",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-1306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:051",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"
},
{
"name": "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"
},
{
"name": "https://www.sympa.org/security_advisories",
"refsource": "CONFIRM",
"url": "https://www.sympa.org/security_advisories"
},
{
"name": "62387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62387"
},
{
"name": "72277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72277"
},
{
"name": "62442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62442"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0085.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0085.html"
},
{
"name": "DSA-3134",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-1306",
"datePublished": "2015-01-22T15:00:00",
"dateReserved": "2015-01-22T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2352 (GCVE-0-2012-2352)
Vulnerability from nvd – Published: 2012-05-31 17:00 – Updated: 2024-08-06 19:34
Summary
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:25.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa\u0026r1=6706\u0026r2=7358\u0026pathrev=7358"
},
{
"name": "DSA-2477",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2477"
},
{
"name": "[oss-security] 20120512 Re: CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/8"
},
{
"name": "53503",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53503"
},
{
"name": "[oss-security] 20120511 CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/8"
},
{
"name": "[oss-security] 20120511 Re: CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/2"
},
{
"name": "81890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/81890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sympa.org/distribution/latest-stable/NEWS"
},
{
"name": "49045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49045"
},
{
"name": "49237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49237"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-13T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa\u0026r1=6706\u0026r2=7358\u0026pathrev=7358"
},
{
"name": "DSA-2477",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2477"
},
{
"name": "[oss-security] 20120512 Re: CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/8"
},
{
"name": "53503",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53503"
},
{
"name": "[oss-security] 20120511 CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/8"
},
{
"name": "[oss-security] 20120511 Re: CVE request: sympa (try again)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/2"
},
{
"name": "81890",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/81890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sympa.org/distribution/latest-stable/NEWS"
},
{
"name": "49045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49045"
},
{
"name": "49237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49237"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa\u0026r1=6706\u0026r2=7358\u0026pathrev=7358",
"refsource": "CONFIRM",
"url": "https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa\u0026r1=6706\u0026r2=7358\u0026pathrev=7358"
},
{
"name": "DSA-2477",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2477"
},
{
"name": "[oss-security] 20120512 Re: CVE request: sympa (try again)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/8"
},
{
"name": "53503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53503"
},
{
"name": "[oss-security] 20120511 CVE request: sympa (try again)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/8"
},
{
"name": "[oss-security] 20120511 Re: CVE request: sympa (try again)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/2"
},
{
"name": "81890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81890"
},
{
"name": "https://www.sympa.org/distribution/latest-stable/NEWS",
"refsource": "CONFIRM",
"url": "https://www.sympa.org/distribution/latest-stable/NEWS"
},
{
"name": "49045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49045"
},
{
"name": "49237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49237"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2352",
"datePublished": "2012-05-31T17:00:00",
"dateReserved": "2012-04-19T00:00:00",
"dateUpdated": "2024-08-06T19:34:25.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}