mailman vulnerabilities and exploits
Each entry below lists the CVE identifier, its CVSSv2 base score as shown on the page (NA where none is given), the affected vendor/product entries, and the published description (descriptions truncated on the page are left truncated).

CVE-2021-34337 (CVSSv2: NA; affected: Gnu Mailman)
An issue exists in Mailman Core prior to 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability ...

CVE-2021-44227 (CVSSv2: 6.8; affected: Gnu Mailman; Debian: Debian Linux 9.0)
In GNU Mailman prior to 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

CVE-2021-43331 (CVSSv2: 4.3; affected: Gnu Mailman; Debian: Debian Linux 9.0)
In GNU Mailman prior to 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.

CVE-2021-43332 (CVSSv2: 4.0; affected: Gnu Mailman; Debian: Debian Linux 9.0)
In GNU Mailman prior to 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.

CVE-2021-42096 (CVSSv2: 4.0; affected: Gnu Mailman; Debian: Debian Linux 10.0)
GNU Mailman prior to 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.

CVE-2021-42097 (CVSSv2: 8.5; affected: Gnu Mailman; Debian: Debian Linux 10.0)
GNU Mailman prior to 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for ...

CVE-2021-40347 (CVSSv2: 5.5; affected: Postorius Project: Postorius)
An issue exists in views/list.py in GNU Mailman Postorius prior to 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place.

CVE-2021-38354 (CVSSv2: 4.3; affected: Gnu-mailman Integration Project: Gnu-mailman Integration)
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file, which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.0.6.

CVE-2021-33038 (CVSSv2: 5.0; affected: Hyperkitty Project: Hyperkitty; Debian: Debian Linux 10.0)
An issue exists in management/commands/hyperkitty_import.py in HyperKitty up to and including 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on...

CVE-2020-26103 (CVSSv2: 5.0; affected: Cpanel: Cpanel)
In cPanel prior to 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).