Search CVE reports
1 – 10 of 14 results
CVE-2021-46900
Medium priority
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored...
1 affected package
sympa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sympa | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-29668
Low priority
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
1 affected package
sympa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sympa | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-26932
Medium priority
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group).
1 affected package
sympa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sympa | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2020-26880
Medium priority
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the...
1 affected package
sympa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sympa | Not affected | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
CVE-2020-10936
High priority
Some fixes available 4 of 7
Sympa before 6.2.56 allows privilege escalation.
1 affected package
sympa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sympa | Not affected | Not affected | Fixed | Fixed | Fixed |
CVE-2020-9369
Medium priority
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
1 affected package
sympa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sympa | — | — | Not affected | Not affected | Not affected |
CVE-2018-1000671
Medium priority
Some fixes available 3 of 4
Sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected...
1 affected package
sympa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sympa | — | Not affected | Not affected | Fixed | Fixed |
CVE-2018-1000550
Medium priority
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in possibility to create or modify files on the server filesystem....
1 affected package
sympa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sympa | — | Not affected | Not affected | Fixed | Fixed |
CVE-2015-1306
Medium priority
The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.
1 affected package
sympa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sympa | — | — | — | Not affected | Not affected |
CVE-2012-2352
Medium priority
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1)...
1 affected package
sympa
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sympa | — | — | — | — | Not affected |