CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34337
https://notcve.org/view.php?id=CVE-2021-34337
15 Apr 2023 — An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces. • https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51 • CWE-208: Observable Timing Discrepancy •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-44227 – mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover
https://notcve.org/view.php?id=CVE-2021-44227
02 Dec 2021 — In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. En GNU Mailman versiones anteriores a 2.1.38, un miembro o moderador de la lista puede conseguir un token de tipo CSRF y diseñar una petición de administración (usando ese token) para establecer una nueva contraseña de administrador o hacer otros cambios A Cross-Site Request Forgery (CSRF) attack can be performed in mailman due to a CS... • https://bugs.launchpad.net/mailman/+bug/1952384 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43332 – Ubuntu Security Notice USN-5151-1
https://notcve.org/view.php?id=CVE-2021-43332
12 Nov 2021 — In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. En GNU Mailman versiones anteriores a 2.1.36, el token CSRF para la página Cgi/admindb.py admindb contiene una versión encriptada de la contraseña del administrador de la lista. Esto podría ser potencialmente descifrado por un moderador por medio de un ataque de fuerza bruta fuera de líne... • https://bugs.launchpad.net/mailman/+bug/1949403 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43331 – Ubuntu Security Notice USN-5151-1
https://notcve.org/view.php?id=CVE-2021-43331
12 Nov 2021 — In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. En GNU Mailman versiones anteriores a 2.1.36, una URL diseñada para la página de opciones de usuario Cgi/options.py puede ejecutar JavaScript arbitrario para XSS It was discovered that Mailman incorrectly handled certain URL. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Mailman incorrectly handled certain inputs. An attacker could possib... • https://bugs.launchpad.net/mailman/+bug/1949401 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42097 – mailman: CSRF token bypass allows to perform CSRF attacks and account takeover
https://notcve.org/view.php?id=CVE-2021-42097
21 Oct 2021 — GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). GNU Mailman versiones anteriores a 2.1.35, puede permitir una escalada de privilegios remota. Un valor csrf_token no es específico de una sola cuenta de usuario. • http://www.openwall.com/lists/oss-security/2021/10/21/4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-42096 – mailman: CSRF token derived from admin password allows offline brute-force attack
https://notcve.org/view.php?id=CVE-2021-42096
21 Oct 2021 — GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password. GNU Mailman versiones anteriores a 2.1.35, puede permitir una Escalada de Privilegios remota. Un determinado valor de csrf_token es derivado de la contraseña del administrador, y puede ser útil para llevar a cabo un ataque de fuerza bruta contra esa contraseña Sensitive information is exposed to unprivilege... • http://www.openwall.com/lists/oss-security/2021/10/21/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2020-15011 – mailman: arbitrary content injection via the private archive login page
https://notcve.org/view.php?id=CVE-2020-15011
24 Jun 2020 — GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. GNU Mailman versiones anteriores a 2.1.33, permite una inyección de contenido arbitrario por medio de la página de inicio de sesión del archivo privado Cgi/private.py Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-12108 – mailman: arbitrary content injection via the options login page
https://notcve.org/view.php?id=CVE-2020-12108
06 May 2020 — /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. El archivo /options/mailman en GNU Mailman versiones anteriores a 2.1.31, permite una Inyección de Contenido Arbitrario. USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that Mailman allows arbitrary content injection. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2020-12137 – mailman: XSS via file attachments in list archives
https://notcve.org/view.php?id=CVE-2020-12137
24 Apr 2020 — GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing, conclude that the MIME type should have been text/html, and execute JavaScript code. GNU Mailman versiones 2.x anteriores a la versión 2.1.30, usa una extensión .obj para partes MIME de aplications/octet-stream. Este ... • http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2019-3693 – Local privilege escalation from user wwwrun to root in the packaging of mailman
https://notcve.org/view.php?id=CVE-2019-3693
24 Jan 2020 — A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.1... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00059.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •