29 matches found

SUSE CVE
added 2025/04/23 2:37 a.m. | 3 views

SUSE CVE-2025-43919

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...

CVSS 7.5 | AI score 7.3 | EPSS 0.00924
Exploits: 3 | References: 3

OSV
added 2025/04/20 1:15 a.m. | 1 view

CVE-2025-43919

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...

CVSS 7.5 | AI score 5.9 | EPSS 0.00924
Exploits: 3 | References: 4

OSV
added 2025/04/20 1:15 a.m. | 0 views

UBUNTU-CVE-2025-43919

GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...

CVSS 7.5 | AI score 5.9 | EPSS 0.00924
Exploits: 3 | References: 4

SUSE CVE
added 2023/02/15 3:57 a.m. | 2 views

SUSE CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...

CVSS 6.5 | AI score 7.5 | EPSS 0.01332
Exploits: 0 | References: 7

Tenable Nessus
added 2021/11/01 12:0 a.m. | 35 views

Ubuntu 20.04 LTS : Mailman vulnerabilities (USN-5121-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5121-2 advisory. USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. In addition, the following CVEs were...

CVSS 8.5 | AI score 6.6 | EPSS 0.07993
Exploits: 1 | References: 6

OSV
added 2021/10/30 11:3 a.m. | 1 view

OESA-2021-1405 mailman security update

Mailman is free software for managing electronic mail discussion and e-newsletter lists. Mailman is integrated with the web, making it easy for users to manage their accounts and for list owners to administer their lists. Mailman supports built-in archiving, automatic bounce processing, content...

CVSS 8.5 | AI score 7.1 | EPSS 0.07993
Exploits: 1 | References: 6

RedHat Linux
added 2021/05/18 1:59 p.m. | 26 views

Moderate: Red Hat Security Advisory: mailman:2.1 security update

An update for the mailman:2.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 6.5 | AI score 6.5 | EPSS 0.07993
Exploits: 1 | References: 4

RedHat Linux
added 2021/05/18 1:59 p.m. | 2 views

mailman: arbitrary content injection via the private archive login page

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...

CVSS 4.3 | AI score 6.8 | EPSS 0.01332
Exploits: 0 | References: 4

Veracode
added 2020/12/06 3:35 a.m. | 18 views

Content Injection

GNU Mailman is vulnerable to content injection. An attacker is able to inject arbitrary content into the application via the Cgi/private.py private archive login page...

CVSS 4.3 | AI score 4.1 | EPSS 0.01332
Exploits: 0 | References: 8 | Affected Software: 2

Tenable Nessus
added 2020/10/30 12:0 a.m. | 36 views

EulerOS 2.0 SP5 : mailman (EulerOS-SA-2020-2256)

According to the versions of the mailman package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. (CVE-2020-12108)
- GNU Mailman 2.x before 2.1.30 uses the .obj...

CVSS 6.5 | AI score 6.4 | EPSS 0.07993
Exploits: 1 | References: 4

OpenVAS
added 2020/07/17 12:0 a.m. | 23 views

Debian: Security Advisory (DLA-2276-1)

The remote host is missing an update for the Debian...

CVSS 6.5 | AI score 6 | EPSS 0.07993
Exploits: 1 | References: 4

BDU FSTEC
added 2020/07/09 12:0 a.m. | 2 views

The vulnerability of the entry page for the personal archive in Cgi/private.py of the GNU Mailman mailing system allows an intruder to inject arbitrary content.

The vulnerability of the entry page for the personal archive in Cgi/private.py of the GNU Mailman system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary content using a specially created request...

CVSS 5.4 | AI score 6.4 | EPSS 0.01332
Exploits: 0 | References: 10 | Affected Software: 3

RedhatCVE
added 2020/06/24 5:51 p.m. | 34 views

CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...

CVSS 2.6 | AI score 4.6 | EPSS 0.01332
Exploits: 0 | References: 3

OSV
added 2020/06/24 12:15 p.m. | 0 views

CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...

CVSS 4.3 | AI score 6.8
Exploits: 0 | References: 7

Prion
added 2020/06/24 12:15 p.m. | 20 views

Code injection

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...

CVSS 2.6 | AI score 5.2 | EPSS 0.01332
Exploits: 0 | References: 7 | Affected Software: 3

ATTACKERKB
added 2020/06/24 12:15 p.m. | 0 views

CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...

CVSS 4.3 | AI score 6.1 | EPSS 0.01332
Exploits: 0 | References: 9

UbuntuCve
added 2020/06/24 12:15 p.m. | 19 views

CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...

CVSS 4.3 | AI score 6.7 | EPSS 0.01332
Exploits: 0 | References: 4

OSV
added 2020/06/24 12:15 p.m. | 0 views

UBUNTU-CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...

CVSS 4.3 | AI score 6.7 | EPSS 0.01332
Exploits: 0 | References: 5

Cvelist
added 2020/06/24 11:34 a.m. | 16 views

CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...

AI score 5.8 | EPSS 0.01332
Exploits: 0 | References: 7

Debian CVE
added 2020/06/24 11:34 a.m. | 27 views

CVE-2020-15011

Removed by vendor...

CVSS 4.3 | AI score 6.1 | EPSS 0.01332
Exploits: 0