cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-34337,https://securityvulnerability.io/vulnerability/CVE-2021-34337,Timing Attack Vulnerability in Mailman Core by GNU,"A vulnerability exists in Mailman Core prior to version 3.3.5 that allows an attacker with access to the REST API to exploit timing discrepancies in API responses. By observing the time it takes for requests to process, an attacker can infer the configured REST API password. Although the REST API is bound to localhost by default—a measure that limits exposure—users can opt to allow it to listen on other interfaces, which amplifies the potential for exploitation. This makes it crucial for users to update their installations to guard against unauthorized API access.",Gnu,Mailman,6.3,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-04-15T00:00:00.000Z,0
CVE-2021-44227,https://securityvulnerability.io/vulnerability/CVE-2021-44227,Cross-Site Request Forgery Vulnerability in GNU Mailman by GNU,"A Cross-Site Request Forgery (CSRF) vulnerability exists in GNU Mailman versions prior to 2.1.38, where a list member or moderator can exploit this flaw to obtain a CSRF token. This token can then be used to forge administrative requests, enabling the attacker to potentially reset the admin password or execute other unauthorized changes within the system, undermining the integrity and security of mailing lists.",Gnu,Mailman,8.8,HIGH,0.00107999995816499,false,,false,false,false,,,false,false,,2021-12-02T02:52:31.000Z,0
CVE-2021-43332,https://securityvulnerability.io/vulnerability/CVE-2021-43332,CSRF Vulnerability in GNU Mailman Affects Admin Panel Security,"In GNU Mailman versions prior to 2.1.36, a vulnerability exists in the CSRF token for the Cgi/admindb.py admin database page, which inadvertently contains an encrypted version of the list admin password. This vulnerability may allow a moderator to exploit this weakness through an offline brute-force attack, potentially compromising the security of user sessions and access control within the Mailman administration interface.",Gnu,Mailman,6.5,MEDIUM,0.00107999995816499,false,,false,false,false,,,false,false,,2021-11-12T20:45:35.000Z,0
CVE-2021-43331,https://securityvulnerability.io/vulnerability/CVE-2021-43331,Cross-Site Scripting Vulnerability in GNU Mailman by Python Software Foundation,"A vulnerability exists in GNU Mailman prior to version 2.1.36 that allows attackers to craft malicious URLs leading to the execution of arbitrary JavaScript in the context of a user’s session. This occurs specifically in the Cgi/options.py user options page, potentially compromising the security of affected users by enabling unauthorized actions and data access.",Gnu,Mailman,6.1,MEDIUM,0.0014900000533089042,false,,false,false,false,,,false,false,,2021-11-12T20:44:11.000Z,0
CVE-2021-42097,https://securityvulnerability.io/vulnerability/CVE-2021-42097,Remote Privilege Escalation in GNU Mailman by The Python Software Foundation,"A security vulnerability in GNU Mailman before version 2.1.35 allows an attacker to exploit a flaw involving the csrf_token, which is not restricted to individual user accounts. An unprivileged user can acquire this token and initiate a CSRF attack against an administrative account, potentially leading to unauthorized access or account takeover.",Gnu,Mailman,8,HIGH,0.0009899999713525176,false,,false,false,false,,,false,false,,2021-10-21T00:45:13.000Z,0
CVE-2021-42096,https://securityvulnerability.io/vulnerability/CVE-2021-42096,Remote Privilege Escalation in GNU Mailman Affects Several Versions,"GNU Mailman versions prior to 2.1.35 contain a vulnerability that could allow attackers to escalate their privileges remotely. This vulnerability occurs due to a specific csrf_token value being derived from the admin password, enabling brute-force attempts to compromise the password. Organizations using affected versions should update to the latest release to mitigate potential security risks.",Gnu,Mailman,4.3,MEDIUM,0.0015300000086426735,false,,false,false,false,,,false,false,,2021-10-21T00:40:34.000Z,0
CVE-2020-15011,https://securityvulnerability.io/vulnerability/CVE-2020-15011,Arbitrary Content Injection in GNU Mailman by the GNU Project,"A vulnerability in GNU Mailman versions before 2.1.33 allows attackers to inject arbitrary content through the private archive login page, potentially compromising the integrity of the mailing list. This weakness can be exploited, leading to unauthorized access and manipulation of sensitive data, highlighting the need for users to update their systems to mitigate the risks associated with this flaw.",Gnu,Mailman,4.3,MEDIUM,0.002630000002682209,false,,false,false,false,,,false,false,,2020-06-24T11:34:56.000Z,0
CVE-2020-12108,https://securityvulnerability.io/vulnerability/CVE-2020-12108,Arbitrary Content Injection in GNU Mailman by Open Source Software Vendor,"A vulnerability in GNU Mailman prior to version 2.1.31 allows attackers to inject arbitrary content via the /options/mailman endpoint. This flaw can lead to various security concerns, exposing systems to potential exploitation and unauthorized access. Administrators are urged to update their installations to the latest version to mitigate any risks associated with this vulnerability.",Gnu,Mailman,6.5,MEDIUM,0.0012400000123307109,false,,false,false,false,,,false,false,,2020-05-06T14:50:33.000Z,0
CVE-2020-12137,https://securityvulnerability.io/vulnerability/CVE-2020-12137,XSS Vulnerability in GNU Mailman 2.x Leading to Potential Security Risks,"GNU Mailman versions prior to 2.1.30 are susceptible to a Cross-Site Scripting (XSS) vulnerability caused by mishandling of file attachments with the '.obj' extension. The lack of proper MIME type designation may lead the browser to misinterpret the content as HTML, enabling the execution of unexpected JavaScript code. This security flaw can potentially allow attackers to execute scripts in the context of users accessing the list archive, posing a significant security risk.",Gnu,Mailman,6.1,MEDIUM,0.0035699999425560236,false,,false,false,false,,,false,false,,2020-04-24T12:37:58.000Z,0
CVE-2018-0618,https://securityvulnerability.io/vulnerability/CVE-2018-0618,,Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.,Gnu Mailman,Mailman,5.4,MEDIUM,0.001180000021122396,false,,false,false,false,,,false,false,,2018-07-26T17:00:00.000Z,0
CVE-2018-13796,https://securityvulnerability.io/vulnerability/CVE-2018-13796,,An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.,Gnu,Mailman,6.5,MEDIUM,0.0015999999595806003,false,,false,false,false,,,false,false,,2018-07-12T18:00:00.000Z,0
CVE-2018-5950,https://securityvulnerability.io/vulnerability/CVE-2018-5950,,Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.,Gnu,Mailman,6.1,MEDIUM,0.0013200000394135714,false,,false,false,false,,,false,false,,2018-01-23T16:00:00.000Z,0
CVE-2016-6893,https://securityvulnerability.io/vulnerability/CVE-2016-6893,,"Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.",Gnu,Mailman,8.8,HIGH,0.0022700000554323196,false,,false,false,false,,,false,false,,2016-09-02T14:00:00.000Z,0
CVE-2016-7123,https://securityvulnerability.io/vulnerability/CVE-2016-7123,,Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators.,Gnu,Mailman,8.8,HIGH,0.0015899999998509884,false,,false,false,false,,,false,false,,2016-09-02T14:00:00.000Z,0
CVE-2011-5024,https://securityvulnerability.io/vulnerability/CVE-2011-5024,,Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.,Gnu,Mailman,,,0.0012199999764561653,false,,false,false,false,,,false,false,,2011-12-29T11:55:00.000Z,0
CVE-2011-0707,https://securityvulnerability.io/vulnerability/CVE-2011-0707,,Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.,Gnu,Mailman,,,0.004809999838471413,false,,false,false,false,,,false,false,,2011-02-22T18:00:00.000Z,0
CVE-2010-3089,https://securityvulnerability.io/vulnerability/CVE-2010-3089,,Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.,Gnu,Mailman,,,0.0014799999771639705,false,,false,false,false,,,false,false,,2010-09-15T19:00:00.000Z,0
CVE-2006-2191,https://securityvulnerability.io/vulnerability/CVE-2006-2191,,"Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is ""unexploitable.""",Gnu,Mailman,,,0.005890000145882368,false,,false,false,false,,,false,false,,2006-09-19T21:00:00.000Z,0
CVE-2006-4624,https://securityvulnerability.io/vulnerability/CVE-2006-4624,,CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.,Gnu,Mailman,,,0.012529999949038029,false,,false,false,false,,,false,false,,2006-09-07T19:00:00.000Z,0
CVE-2006-2941,https://securityvulnerability.io/vulnerability/CVE-2006-2941,,"Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving ""standards-breaking RFC 2231 formatted headers"".",Gnu,Mailman,,,0.5653499960899353,false,,false,false,false,,,false,false,,2006-09-06T00:00:00.000Z,0
CVE-2006-3636,https://securityvulnerability.io/vulnerability/CVE-2006-3636,,Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.,Gnu,Mailman,,,0.26225998997688293,false,,false,false,false,,,false,false,,2006-09-06T00:00:00.000Z,0
CVE-2006-1712,https://securityvulnerability.io/vulnerability/CVE-2006-1712,,Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.,Gnu,Mailman,,,0.0026700000744313,false,,false,false,false,,,false,false,,2006-04-11T19:00:00.000Z,0
CVE-2006-0052,https://securityvulnerability.io/vulnerability/CVE-2006-0052,,"The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.",Gnu,Mailman,,,0.12377999722957611,false,,false,false,false,,,false,false,,2006-03-31T11:00:00.000Z,0
CVE-2005-4153,https://securityvulnerability.io/vulnerability/CVE-2005-4153,,"Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to ""fail with an Overflow on bad date data in a processed message,"" a different vulnerability than CVE-2005-3573.",Gnu,Mailman,,,0.841480016708374,false,,false,false,false,,,false,false,,2005-12-11T02:00:00.000Z,0
CVE-2005-3573,https://securityvulnerability.io/vulnerability/CVE-2005-3573,,"Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).",Gnu,Mailman,,,0.8687000274658203,false,,false,false,false,,,false,false,,2005-11-16T07:37:00.000Z,0