Mailman Security Vulnerabilities and Issues — Mailman CVE List

Lucene search

GnuMailman

11 matches found

CVE•added 2018/07/26 5:29 p.m.•170 views

CVE-2018-0618

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4CVSS5AI score0.00552EPSS

CVE•added 2005/05/02 4:0 a.m.•63 views

CVE-2005-0202

Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.

5CVSS9.3AI score0.02731EPSS

CVE•added 2005/11/16 7:42 a.m.•59 views

CVE-2005-3573

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).

5CVSS6.2AI score0.05745EPSS

CVE•added 2004/08/18 4:0 a.m.•56 views

CVE-2004-0412

Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.

5CVSS6.1AI score0.0264EPSS

CVE•added 2025/04/20 1:15 a.m.•53 views

CVE-2025-43921

GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used.

5.3CVSS5.3AI score0.00065EPSS

CVE•added 2005/05/02 4:0 a.m.•52 views

CVE-2005-0080

The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.

5CVSS6.6AI score0.00391EPSS

CVE•added 2006/09/06 12:4 a.m.•52 views

CVE-2006-2941

Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".

5CVSS6.3AI score0.06125EPSS

CVE•added 2006/03/31 11:6 a.m.•51 views

CVE-2006-0052

The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary ...

5CVSS6.2AI score0.06409EPSS

CVE•added 2004/06/01 4:0 a.m.•48 views

CVE-2004-0182

Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.

5CVSS6.6AI score0.0057EPSS

CVE•added 2004/09/01 4:0 a.m.•47 views

CVE-2003-0991

Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.

5CVSS6.3AI score0.01583EPSS

CVE•added 2002/06/25 4:0 a.m.•45 views

CVE-2001-0884

Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.

5.1CVSS6.3AI score0.00654EPSS