Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mailman vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2020-15011
GNU Mailman prior to 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
Gnu Mailman
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2020-12108
/options/mailman in GNU Mailman prior to 2.1.31 allows Arbitrary Content Injection.
Gnu Mailman
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
4.3
CVSSv2
CVE-2020-12137
GNU Mailman 2.x prior to 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perfor...
Gnu Mailman
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Opensuse Leap 15.2
Opensuse Backports Sle 15.0
7.2
CVSSv2
CVE-2019-3693
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local malicious users to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed...
Suse Mailman
Opensuse Backports Sle 15.0
6.5
CVSSv2
CVE-2016-10792
cPanel prior to 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
Cpanel Cpanel
4.6
CVSSv2
CVE-2017-18415
cPanel prior to 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).
Cpanel Cpanel
6.5
CVSSv2
CVE-2017-18403
cPanel prior to 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
Cpanel Cpanel
3.5
CVSSv2
CVE-2018-0618
Cross-site scripting vulnerability in Mailman 2.1.26 and previous versions allows remote authenticated malicious users to inject arbitrary web script or HTML via unspecified vectors.
Gnu Mailman
Debian Debian Linux 9.0
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2018-13796
An issue exists in GNU Mailman prior to 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
Gnu Mailman
4.3
CVSSv2
CVE-2011-5024
Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote malicious users to inject arbitrary web script or HTML via the config parameter.
Gnu Mailman 2.1.3
Gnu Mailman 2.1.8
Gnu Mailman 2.1.11
Gnu Mailman 2.1.2
Gnu Mailman 2.1.9
Gnu Mailman 2.0.13
Gnu Mailman 2.1.6
Gnu Mailman 2.1
Gnu Mailman 2.1.10
Gnu Mailman 2.1.1
Gnu Mailman 2.1.12
Gnu Mailman 2.1.7
Gnu Mailman 2.1.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »