Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu mailman vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-44227
In GNU Mailman prior to 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
Gnu Mailman
Debian Debian Linux 9.0
8
CVSSv3
CVE-2021-42097
GNU Mailman prior to 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for ...
Gnu Mailman
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2021-43332
In GNU Mailman prior to 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
Gnu Mailman
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2020-12108
/options/mailman in GNU Mailman prior to 2.1.31 allows Arbitrary Content Injection.
Gnu Mailman
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
6.5
CVSSv3
CVE-2018-13796
An issue exists in GNU Mailman prior to 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
Gnu Mailman
6.3
CVSSv3
CVE-2021-34337
An issue exists in Mailman Core prior to 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability ...
Gnu Mailman
6.1
CVSSv3
CVE-2021-43331
In GNU Mailman prior to 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
Gnu Mailman
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2021-38354
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.0.6.
Gnu-mailman Integration Project Gnu-mailman Integration
6.1
CVSSv3
CVE-2020-12137
GNU Mailman 2.x prior to 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perfor...
Gnu Mailman
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Opensuse Leap 15.2
Opensuse Backports Sle 15.0
5.4
CVSSv3
CVE-2021-40347
An issue exists in views/list.py in GNU Mailman Postorius prior to 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.
Postorius Project Postorius
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »