CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

OSV•added 2021/06/01 9:56 p.m.•12 views

GHSA-H39G-Q63V-4H9P Exposure of sensitive information to an unauthorized actor in HyperKitty

An issue was discovered in management/commands/hyperkittyimport.py in HyperKitty prior to 1.3.5. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour durin...

8.7CVSS7.2AI score0.00406EPSS

Exploits1References9

Github Security Blog•added 2021/06/01 9:56 p.m.•64 views

Exposure of sensitive information to an unauthorized actor in HyperKitty

7.5CVSS0.8AI score0.00406EPSS

Exploits1References8Affected Software1

Tenable Nessus•added 2021/06/01 12:0 a.m.•23 views

Debian DSA-4922-1 : hyperkitty - security update

Amir Sarabadani and Kunal Mehta discovered that the import functionality of Hyperkitty, the web user interface to access Mailman 3 archives, did not restrict the visibility of private archives during the import, i.e. that during the import of a private Mailman 2 archive the archive was publicly...

7.5CVSS7.2AI score0.00406EPSS

Exploits1References4

NVD•added 2021/05/26 2:15 p.m.•10 views

CVE-2021-33038

An issue was discovered in management/commands/hyperkittyimport.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during...

7.5CVSS0.00406EPSS

Exploits1References4

UbuntuCve•added 2021/05/26 2:15 p.m.•15 views

CVE-2021-33038

7.5CVSS7.1AI score0.00406EPSS

Exploits1References3

OSV•added 2021/05/26 2:15 p.m.•16 views

PYSEC-2021-77

7.5CVSS1.4AI score0.00406EPSS

Exploits1References4

Cvelist•added 2021/05/26 1:51 p.m.•15 views

CVE-2021-33038

7.5AI score0.00406EPSS

Exploits1References4

Debian CVE•added 2021/05/26 1:51 p.m.•15 views

CVE-2021-33038

7.5CVSS7.4AI score0.00406EPSS

Exploits1

CVE•added 2021/05/26 1:51 p.m.•191 views

CVE-2021-33038

CVE-2021-33038 affects HyperKitty prior to 1.3.5: when importing a private mailing-list archive via management/commands/hyperkitty_import.py, archives are publicly visible during the import, potentially exposing sensitive information. Documented in multiple advisories; affected software is HyperK...

7.5CVSS7.2AI score0.00406EPSS

Exploits1References4Affected Software1

Tenable Nessus•added 2020/11/12 12:0 a.m.•95 views

Oracle Linux 8 : mailman:2.1 (ELSA-2020-4667)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-4667 advisory. - Fix for CVE-2020-12137 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested...

6.1CVSS6.8AI score0.05217EPSS

Exploits0References2

RedhatCVE•added 2020/04/30 5:41 p.m.•31 views

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

6.1CVSS1.7AI score0.05217EPSS

Exploits0References3

NVD•added 2020/04/24 1:15 p.m.•15 views

CVE-2020-12137

6.1CVSS6.1AI score0.05217EPSS

Exploits0References11

Debian CVE•added 2020/04/24 12:37 p.m.•29 views

CVE-2020-12137

Removed by vendor...

6.1CVSS6.8AI score0.05217EPSS

Exploits0

Cvelist•added 2020/04/24 12:37 p.m.•21 views