Lucene search
K

330 matches found

Tenable Nessus
Tenable Nessus
added 2020/12/18 12:0 a.m.28 views

Debian DLA-2499-1 : sympa security update

Sympa, a modern mailing list manager, grants full SOAP API access by sending invalid string as the cookie value, if the SOAP endpoint was enabled. An attacker could manipulate the mailing lists, including subscribing e-mails or getting the list of subscribers. For Debian 9 stretch, this problem h...

4.3CVSS6.1AI score0.01957EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2020/12/18 12:0 a.m.33 views

Debian: Security Advisory (DLA-2499-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS4.6AI score0.01957EPSS
Exploits1References4
Debian
Debian
added 2020/12/17 2:7 p.m.37 views

[SECURITY] [DLA 2499-1] sympa security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2499-1 [email protected] https://www.debian.org/lts/security/ December 17, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...

4.3CVSS4.2AI score0.01957EPSS
Exploits1
OSV
OSV
added 2020/12/17 12:0 a.m.19 views

DLA-2499-1 sympa - security update

Bulletin has no description...

4.3CVSS4.1AI score0.01957EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/12/15 12:0 a.m.21 views

Sympa < 6.2.60 SOAP API Vulnerability

Sympa is prone to an authentication bypass vulnerability in the SOAP API. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

4.3CVSS4.6AI score0.01957EPSS
Exploits1References2
Veracode
Veracode
added 2020/12/11 8:5 a.m.24 views

Authorization Bypass

sympa is vulnerable to authorization bypass. The vulnerability exists as remote attackers can obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...

3.7CVSS5.6AI score0.01957EPSS
Exploits1References11Affected Software1
NVD
NVD
added 2020/12/10 8:15 a.m.14 views

CVE-2020-29668

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...

4.3CVSS4.5AI score0.01957EPSS
Exploits1References8
OSV
OSV
added 2020/12/10 8:15 a.m.24 views

CVE-2020-29668

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...

3.7CVSS6.8AI score
Exploits0References8
OSV
OSV
added 2020/12/10 8:15 a.m.1 views

DEBIAN-CVE-2020-29668

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...

3.7CVSS6.4AI score0.01957EPSS
Exploits1References1
OSV
OSV
added 2020/12/10 8:15 a.m.1 views

UBUNTU-CVE-2020-29668

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...

3.7CVSS7AI score0.01957EPSS
Exploits1References6
Prion
Prion
added 2020/12/10 8:15 a.m.20 views

Code injection

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...

4.3CVSS4.4AI score0.01957EPSS
Exploits1References8Affected Software3
UbuntuCve
UbuntuCve
added 2020/12/10 8:15 a.m.21 views

CVE-2020-29668

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...

4.3CVSS6.7AI score0.01957EPSS
Exploits1References5
CVE
CVE
added 2020/12/10 7:53 a.m.86 views

CVE-2020-29668

CVE-2020-29668 affects Sympa prior to 6.2.59b.2. The issue allows remote attackers to obtain full SOAP API access by sending an arbitrary string (except one from an expired cookie) as the cookie value to the authenticateAndRun endpoint. The public description in the initial document confirms the ...

4.3CVSS4.3AI score0.01957EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2020/12/10 7:53 a.m.31 views

CVE-2020-29668

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...

4.4AI score0.01957EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2020/12/10 7:53 a.m.22 views

CVE-2020-29668

Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...

4.3CVSS5.2AI score0.01957EPSS
Exploits1
CNNVD
CNNVD
added 2020/12/10 12:0 a.m.9 views

Sympa Authorization Issues Vulnerability

Sympa is an open source email management list software from the Sympa community. The software supports email management, authentication and access control. An authorization issue vulnerability exists in Sympa version 6.2.59b and earlier, which can be exploited by an attacker to gain full SOAP API...

4.3CVSS6.6AI score0.01957EPSS
Exploits1References12
Veracode
Veracode
added 2020/12/06 4:11 a.m.19 views

Insecure Permissions

sympa does not securely configure file permissions. debian/sympa.postinst uses mode 4755 for sympanewaliases-wrapper while the intended permissions are mode 4750 for access by the sympa group...

4.3CVSS1.9AI score0.00971EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2020/12/06 3:54 a.m.24 views

Open Redirection

sympa is vulnerable to open redirect. An attacker is able to supply a crafted URL to a victim's browser...

6.1CVSS3.5AI score0.03982EPSS
Exploits0References5Affected Software1
FreeBSD
FreeBSD
added 2020/11/24 12:0 a.m.25 views

sympa -- Unauthorised full access via SOAP API due to illegal cookie

Sympa community reports: Unauthorised full access via SOAP API due to illegal cookie...

4.3CVSS4.7AI score0.01957EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2020/11/12 12:0 a.m.15 views

Sympa <= 6.2.59 Privilege Escalation Vulnerability

Sympa is prone to a privilege escalation vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...

7.8CVSS7.8AI score0.00352EPSS
Exploits0References3
Rows per page
Query Builder