rpm package
suse/mailman&distro=SUSE Enterprise Storage 5
pkg:rpm/suse/mailman&distro=SUSE%20Enterprise%20Storage%205
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15011 | — | < 2.1.17-3.23.1 | 2.1.17-3.23.1 | Jun 24, 2020 | GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page. | ||
| CVE-2020-12108 | — | < 2.1.17-3.20.1 | 2.1.17-3.20.1 | May 6, 2020 | /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. | ||
| CVE-2020-12137 | — | < 2.1.17-3.20.1 | 2.1.17-3.20.1 | Apr 24, 2020 | GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform | ||
| CVE-2019-3693 | — | < 2.1.17-3.11.1 | 2.1.17-3.11.1 | Jan 24, 2020 | A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to gr |
- CVE-2020-15011Jun 24, 2020affected < 2.1.17-3.23.1fixed 2.1.17-3.23.1
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
- CVE-2020-12108May 6, 2020affected < 2.1.17-3.20.1fixed 2.1.17-3.20.1
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection.
- CVE-2020-12137Apr 24, 2020affected < 2.1.17-3.20.1fixed 2.1.17-3.20.1
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform
- CVE-2019-3693Jan 24, 2020affected < 2.1.17-3.11.1fixed 2.1.17-3.11.1
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to gr