Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sympa sympa vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-46900
Sympa prior to 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.
Sympa Sympa
383
VMScore
CVE-2020-29668
Sympa prior to 6.2.59b.2 allows remote malicious users to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
Sympa Sympa 6.2.59
Sympa Sympa
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
356
VMScore
CVE-2020-26932
debian/sympa.postinst for the Debian Sympa package prior to 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)
Sympa Sympa
Debian Debian Linux 10.0
641
VMScore
CVE-2020-26880
Sympa up to and including 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
Sympa Sympa 6.2.57
Sympa Sympa
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
641
VMScore
CVE-2020-10936
Sympa prior to 6.2.56 allows privilege escalation.
Sympa Sympa
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 14.04
445
VMScore
CVE-2020-9369
Sympa 6.2.38 up to and including 6.2.52 allows remote malicious users to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
Sympa Sympa
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 10.0
516
VMScore
CVE-2018-1000671
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack a...
Sympa Sympa
Debian Debian Linux 8.0
668
VMScore
CVE-2018-1000550
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/PO...
Sympa Sympa
Debian Debian Linux 8.0
445
VMScore
CVE-2015-1306
The newsletter posting area in the web interface in Sympa 6.0.x prior to 6.0.10 and 6.1.x prior to 6.1.24 allows remote malicious users to read arbitrary files via unspecified vectors.
Sympa Sympa 6.0.3
Sympa Sympa 6.0.5
Sympa Sympa 6.1.7
Sympa Sympa 6.1.5
Sympa Sympa 6.1.0
Sympa Sympa 6.1.11
Sympa Sympa 6.1.13
Sympa Sympa 6.1.18
Sympa Sympa 6.1.20
Sympa Sympa 6.0.4
Sympa Sympa 6.0.6
Sympa Sympa 6.1.8
Sympa Sympa 6.1.6
Sympa Sympa 6.1.10
Sympa Sympa 6.1.12
Sympa Sympa 6.1.19
Sympa Sympa 6.1.21
Sympa Sympa 6.0.0
Sympa Sympa 6.0.1
Sympa Sympa 6.0.2
Sympa Sympa 6.1.4
Sympa Sympa 6.1.3
668
VMScore
CVE-2012-2352
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa prior to 6.1.11 does not check permissions, which allows remote malicious users to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3)...
Sympa Sympa 6.1.6
Sympa Sympa 6.1.5
Sympa Sympa 6.0.4
Sympa Sympa 6.1b.4
Sympa Sympa 6.0
Sympa Sympa 6.0b.4
Sympa Sympa 5.4
Sympa Sympa 5.4b.1
Sympa Sympa 5.3b.1
Sympa Sympa 5.3a.10
Sympa Sympa 5.1
Sympa Sympa 5.0
Sympa Sympa 4.1
Sympa Sympa 4.0.b3
Sympa Sympa 4.0.b2
Sympa Sympa 4.0.a4
Sympa Sympa 4.0.a3
Sympa Sympa 3.3.6b.2
Sympa Sympa 3.3.6b.1
Sympa Sympa 3.3.4b.3
Sympa Sympa 3.3.3
Sympa Sympa 3.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »