|
Bug #266190: Traceback in private.py after security patch
|
 CVE-2005-0202 |
|
GNU Mailman
|
Invalid (unassigned)
|
|
Bug #558226: email.Utils.parsedate can return bogus date
|
CVE-2005-4153 |
|
GNU Mailman
|
Fix released (unassigned)
|
|
Bug #775294: Set lifetime for input forms
|
CVE-2016-7123 |
|
GNU Mailman
|
Fix released (unassigned)
|
|
Bug #1437145: Path traversal vulnerability exists in Mailman and can be exploited if Mailman's MTA is Exim.
|
CVE-2015-2775 |
|
GNU Mailman
|
Fix released, assigned to Mark Sapiro
|
|
Bug #1614841: CSRF protection needs to be extended to the user options page
|
CVE-2011-0707
CVE-2016-6893
CVE-2016-7123 |
|
GNU Mailman
|
Fix released, assigned to Mark Sapiro
|
|
Bug #1747209: XSS vulnerability and information leak in user options CGI
|
CVE-2018-5950 |
|
GNU Mailman
|
Fix released, assigned to Mark Sapiro
|
|
Bug #1780874: Arbitrary text injection vulnerability in Mailman CGIs
|
CVE-2018-13796 |
|
GNU Mailman
|
Fix released, assigned to Mark Sapiro
|
|
Bug #1873722: Arbitrary Content Injection via the options login page.
|
CVE-2020-12108 |
|
GNU Mailman
|
Fix released, assigned to Mark Sapiro
|
|
Bug #1877379: Arbitrary Content Injection via the private archive login page.
|
CVE-2020-15011 |
|
GNU Mailman
|
Fix released, assigned to Mark Sapiro
|
|
Bug #1886117: Scrubbed application/octet-stream parts should not have .obj extension
|
CVE-2020-12137 |
|
GNU Mailman
|
Fix released (unassigned)
|
|
Bug #1947639: Potential Privilege escalation via the user options page.
|
CVE-2021-42096 |
|
GNU Mailman
|
Fix released, assigned to Mark Sapiro
|
|
Bug #1947640: Potential CSRF attack via the user options page.
|
CVE-2021-42097 |
|
GNU Mailman
|
Fix released, assigned to Mark Sapiro
|
|
Bug #1949401: Potential XSS attack via the user options page.
|
CVE-2021-43331 |
|
GNU Mailman
|
Fix released, assigned to Mark Sapiro
|
|
Bug #1949403: A vulnerability could allow a list moderator to discover the admin password.
|
CVE-2021-43332 |
|
GNU Mailman
|
Fix released, assigned to Mark Sapiro
|
|
Bug #1952384: A CSRF vulnerability could allow a list moderator or list member to access the admin UI
|
CVE-2021-44227 |
|
GNU Mailman
|
Fix released, assigned to Mark Sapiro
|
