Lucene search
+L

330 matches found

Prion
Prion
added 2020/10/07 6:15 p.m.16 views

Design/Logic Flaw

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...

7.2CVSS7.6AI score0.00352EPSS
Exploits0References7Affected Software3
UbuntuCve
UbuntuCve
added 2020/10/07 6:15 p.m.28 views

CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...

7.8CVSS6.7AI score0.00352EPSS
Exploits0References4
OSV
OSV
added 2020/10/07 6:15 p.m.4 views

UBUNTU-CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...

7.8CVSS6.7AI score0.00352EPSS
Exploits0References5
CVE
CVE
added 2020/10/07 5:33 p.m.87 views

CVE-2020-26880

CVE-2020-26880—Sympa local privilege escalation : Sympa

7.8CVSS7.5AI score0.00352EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2020/10/07 5:33 p.m.31 views

CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...

7.6AI score0.00352EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2020/10/07 5:33 p.m.34 views

CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...

7.8CVSS6.7AI score0.00352EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/10/07 12:0 a.m.1 views

PT-2020-16527 · Renaud Bastide Christophe Wolfhugel +1 · Sympa +1

Name of the Vulnerable Software and Affected Versions: Sympa versions through 6.2.57b.2 Description: The issue allows a local privilege escalation from the sympa user account to full root access. This is achieved by modifying the sympa.conf configuration file, which is owned by sympa, and then...

7.8CVSS5.7AI score0.03982EPSS
Exploits2References35
OSV
OSV
added 2020/10/07 12:0 a.m.19 views

DLA-2401-1 sympa - security update

Bulletin has no description...

7.8CVSS5.6AI score0.00971EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2020/08/12 12:0 a.m.8 views

The vulnerability in the web interface (wwsympa.fcgi) of the Sympa mailing list manager allows a perpetrator to escalate their privileges.

The vulnerability in the web interface wwsympa.fcgi of the Sympa mailing list manager is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to enhance their privileges through specially...

10CVSS7.7AI score0.02576EPSS
Exploits0References5Affected Software2
Ubuntu
Ubuntu
added 2020/07/28 7:9 p.m.79 views

USN-4442-1: Sympa vulnerabilities

Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. CVE-2018-1000550 It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this...

9.8CVSS7.5AI score0.03982EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/06/08 12:0 a.m.25 views

Fedora: Security Advisory for sympa (FEDORA-2020-d767d9077b)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS6AI score0.005EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/06/08 12:0 a.m.29 views

Fedora 32 : sympa (2020-d767d9077b)

Update to sympa 6.2.56. Fixes CVE-2020-10936. For details, see : - https://github.com/sympa-community/sympa/releases/tag/6.2.56 - https://sympa-community.github.io/security/2020-002.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora upda...

7.8CVSS7.5AI score0.005EPSS
Exploits1References3
Fedora
Fedora
added 2020/06/07 7:48 p.m.23 views

[SECURITY] Fedora 32 Update: sympa-6.2.56-1.fc32

Sympa is scalable and highly customizable mailing list manager. It can cope with big lists 200,000 subscribers and comes with a complete user and admin Web interface. It is internationalized, and supports the us, fr, de, es, it, fi, and chinese locales. A scripting language allows you to extend t...

7.8CVSS0.4AI score0.005EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/06/07 12:0 a.m.22 views

Fedora: Security Advisory for sympa (FEDORA-2020-9b6c969aac)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS6AI score0.005EPSS
Exploits1References2
Fedora
Fedora
added 2020/06/02 3:14 a.m.24 views

[SECURITY] Fedora 31 Update: sympa-6.2.56-1.fc31

Sympa is scalable and highly customizable mailing list manager. It can cope with big lists 200,000 subscribers and comes with a complete user and admin Web interface. It is internationalized, and supports the us, fr, de, es, it, fi, and chinese locales. A scripting language allows you to extend t...

7.8CVSS0.4AI score0.005EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/06/02 12:0 a.m.25 views

Fedora 31 : sympa (2020-9b6c969aac)

Update to sympa 6.2.56. Fixes CVE-2020-10936. For details, see : - https://github.com/sympa-community/sympa/releases/tag/6.2.56 - https://sympa-community.github.io/security/2020-002.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora upda...

7.8CVSS7.5AI score0.005EPSS
Exploits1References3
Veracode
Veracode
added 2020/05/28 6:44 a.m.28 views

Privilege Escalation

github.com/sympa-community/sympa is vulnerable to privilege escalation. The setuid wrappers does not clear environment variables, potentially allowing a local attacker to gain higher privileges...

7.8CVSS5.9AI score0.005EPSS
Exploits1References13Affected Software2
CNVD
CNVD
added 2020/05/28 12:0 a.m.3 views

Sympa Elevation of Privilege Vulnerability

Sympa is an open source email management list software from the Sympa community. The software supports email management, authentication and access control. A security vulnerability exists in versions prior to Sympa 6.2.56. An attacker can exploit the vulnerability to elevate privileges...

7.8CVSS7AI score0.005EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2020/05/28 12:0 a.m.18 views

FreeBSD : sympa - Security flaws in setuid wrappers (61bc44ce-9f5a-11ea-aff3-f8b156c2bfe9)

A vulnerability has been discovered in Sympa web interface by which attacker can execute arbitrary code with root privileges. Sympa uses two sorts of setuid wrappers : - FastCGI wrappers - newaliases wrapper The FastCGI wrappers wwsympa-wrapper.fcgi and sympasoapserver-wrapper.fcgi were used to...

6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/05/28 12:0 a.m.25 views

FreeBSD : sympa -- Denial of service caused by malformed CSRF token (9908a1cc-35ad-424d-be0b-7e56abd5931a)

Javier Moreno discovered a vulnerability in Sympa web interface that can cause denial of service DoS attack. By submitting requests with malformed parameters, this flaw allows to create junk files in Sympa's directory for temporary files. And particularly by tampering token to prevent CSRF, it...

7.5CVSS6.9AI score0.02915EPSS
Exploits0References3
Rows per page
Query Builder