4 matches found
Updated sympa packages fix security vulnerability
Updated sympa packages fix security vulnerability: Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service disk consumption from temporary files, and a flood of notifications to listmasters via a series of requests with malformed parameters CVE-2020-9369...
CVE-2020-9369
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service disk consumption from temporary files, and a flood of notifications to listmasters via a series of requests with malformed parameters...
sympa -- Denial of service caused by malformed CSRF token
Javier Moreno discovered a vulnerability in Sympa web interface that can cause denial of service DoS attack. By submitting requests with malformed parameters, this flaw allows to create junk files in Sympa's directory for temporary files. And particularly by tampering token to prevent CSRF, it...
Updated sympa packages fix security vulnerability
Updated sympa packages fix security vulnerability: Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa...