This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
00263aa3-67a8-11d8-80e3-0020ed76ef5a | mailman XSS in user options page From the 2.1.1 release notes: Discovery 2003-02-08 Entry 2004-02-25 mailman < 2.1.1 CVE-2003-0038 http://mail.python.org/pipermail/mailman-announce/2003-February/000056.html |
0d6efbe3-52d9-11ec-9472-e3667ed6088e | mailman < 2.1.38 -- CSRF vulnerability of list mod or member against list admin page Mark Sapiro reports: Discovery 2021-11-25 Entry 2021-12-01 mailman < 2.1.38 mailman-exim4 < 2.1.38 mailman-exim4-with-htdig < 2.1.38 mailman-postfix < 2.1.38 mailman-postfix-with-htdig < 2.1.38 mailman-with-htdig < 2.1.38 CVE-2021-44227 https://bugs.launchpad.net/mailman/+bug/1952384 https://www.mail-archive.com/mailman-users@python.org/msg73979.html |
3cb88bb2-67a6-11d8-80e3-0020ed76ef5a | mailman XSS in admin script Dirk Mueller reports: Discovery 2003-12-31 Entry 2004-02-25 mailman < 2.1.4 CVE-2003-0965 http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html http://xforce.iss.net/xforce/xfdb/14121 |
3d0eeef8-0cf9-11e8-99b0-d017c2987f9a | Mailman -- Cross-site scripting (XSS) vulnerability in the web UI Mark Sapiro reports: Discovery 2018-01-20 Entry 2018-02-08 mailman < 2.1.26 mailman-with-htdig < 2.1.26 ja-mailman le 2.1.14.j7_3,1 https://www.mail-archive.com/mailman-users@python.org/msg70478.html CVE-2018-5950 |
429249d2-67a7-11d8-80e3-0020ed76ef5a | mailman XSS in create script From the 2.1.3 release notes: Discovery 2003-09-28 Entry 2004-02-25 mailman < 2.1.3 CVE-2003-0992 http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html |
4ab29e12-e787-11df-adfa-00e0815b8da8 | Mailman -- cross-site scripting in web interface Secunia reports: Discovery 2010-09-14 Entry 2010-11-03 mailman < 2.1.14 43187 CVE-2010-3089 http://secunia.com/advisories/41265 |
64691c49-4b22-11e0-a226-00e0815b8da8 | mailman -- XSS vulnerability CVE reports: Discovery 2011-02-13 Entry 2011-03-10 mailman < 2.1.14_1 CVE-2011-0707 http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html |
739948e3-78bf-11e8-b23c-080027ac955c | mailman -- hardening against malicious listowners injecting evil HTML scripts Mark Sapiro reports: Discovery 2018-03-09 Entry 2018-06-25 mailman < 2.1.27 mailman-with-htdig < 2.1.27 ja-mailman < 2.1.14.j7_5,1 https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS#L8 https://www.mail-archive.com/mailman-users@python.org/ CVE-2018-0618 |
88760f4d-8ef7-11ea-a66d-4b2ef158be83 | mailman -- arbitrary content injection vulnerability via options or private archive login pages Mark Sapiro reports: Discovery 2020-04-20 Entry 2020-05-07 mailman < 2.1.30_4 ge 2.1.31 lt 2.1.33 mailman-with-htdig < 2.1.30_4 ge 2.1.31 lt 2.1.33 https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1845/NEWS#L8 https://bugs.launchpad.net/mailman/+bug/1873722 https://bugs.launchpad.net/mailman/+bug/1877379 https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/ CVE-2018-13796 |
8be2e304-cce6-11da-a3b1-00123ffe8333 | mailman -- Private Archive Script Cross-Site Scripting Secunia reports: Discovery 2006-04-07 Entry 2006-04-16 mailman ja-mailman mailman-with-htdig < 2.1.8 CVE-2006-1712 http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html http://secunia.com/advisories/19558/ |
8d65aa3b-31ce-11ec-8c32-a14e8e520dc7 | mailman -- brute-force vuln on list admin password, and CSRF vuln in releases before 2.1.35 Mark Sapiro reports: Discovery 2021-10-18 Entry 2021-10-20 mailman < 2.1.35 mailman-with-htdig < 2.1.35 CVE-2021-42096 CVE-2021-42097 https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1873/NEWS#L8 https://bugs.launchpad.net/mailman/+bug/1947639 https://bugs.launchpad.net/mailman/+bug/1947640 |
9d7a2b54-4468-11ec-8532-0d24c37c72c8 | mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password Mark Sapiro reports: Discovery 2021-11-01 Entry 2021-11-13 mailman < 2.1.37 mailman-exim4 < 2.1.37 mailman-exim4-with-htdig < 2.1.37 mailman-postfix < 2.1.37 mailman-postfix-with-htdig < 2.1.37 mailman-with-htdig < 2.1.37 CVE-2021-43331 CVE-2021-43332 https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1879/NEWS#L8 https://bugs.launchpad.net/mailman/+bug/1949401 https://bugs.launchpad.net/mailman/+bug/1949403 |
9e50dcc3-740b-11e6-94a2-080027ef73ec | mailman -- CSRF hardening in parts of the web interface The late Tokio Kikuchi reported: Discovery 2011-05-02 Entry 2016-09-06 mailman < 2.1.15 https://bugs.launchpad.net/mailman/+bug/775294 https://launchpad.net/mailman/2.1/2.1.15 CVE-2016-7123 |
a5f160fa-deee-11e4-99f8-080027ef73ec | mailman -- path traversal vulnerability Mark Sapiro reports: Discovery 2015-03-27 Entry 2015-04-09 Modified 2015-06-17 mailman < 2.1.20 mailman-with-htdig < 2.1.20 ja-mailman < 2.1.14.j7_2,1 https://mail.python.org/pipermail/mailman-announce/2015-March/000209.html https://bugs.launchpad.net/mailman/+bug/1437145 CVE-2015-2775 |
ad9d2518-3471-4737-b60b-9a1f51023b28 | mailman -- password disclosure Barry Warsaw reports: Discovery 2004-05-15 Entry 2005-06-01 mailman ja-mailman < 2.1.5 CVE-2004-0412 http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html |
b0e76877-67a8-11d8-80e3-0020ed76ef5a | mailman denial-of-service vulnerability in MailCommandHandler A malformed message could cause mailman to crash. Discovery 2003-11-18 Entry 2004-02-25 mailman < 2.1 CVE-2003-0991 http://umn.dl.sourceforge.net/sourceforge/mailman/mailman-2.0.13-2.0.14-diff.txt |
b11ab01b-6e19-11e6-ab24-080027ef73ec | mailman -- CSRF protection enhancements Mark Sapiro reports: Discovery 2016-08-19 Entry 2016-08-29 mailman < 2.1.23 http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1668 https://mail.python.org/pipermail/mailman-announce/2016-August/000226.html CVE-2016-6893 |
b3cd00f7-c0c5-452d-87bc-086c5635333e | mailman -- generated passwords are poor quality Florian Weimer wrote: Discovery 2004-12-15 Entry 2005-06-01 mailman ja-mailman < 2.1.6 CVE-2004-1143 http://mail.python.org/pipermail/mailman-developers/2004-December/017553.html http://mail.python.org/pipermail/mailman-developers/attachments/20041215/be238297/attachment.mht |
b4f0ad36-94a5-11e8-9007-080027ac955c | mailman -- content spoofing with invalid list names in web UI Mark Sapiro reports: Discovery 2018-07-09 Entry 2018-07-31 mailman < 2.1.28 mailman-with-htdig < 2.1.28 ja-mailman < 2.1.14.j7_6,1 https://bugs.launchpad.net/mailman/+bug/1780874 https://mail.python.org/pipermail/mailman-announce/2018-July/000241.html CVE-2018-13796 |
c7ccc33f-7d31-11d9-a9e7-0001020eed82 | mailman -- directory traversal vulnerability A directory traversal vulnerability in mailman allows remote attackers to read arbitrary files due to inadequate input sanitizing. This could, among other things, lead to remote attackers gaining access to the mailman configuration database (which contains subscriber email addresses and passwords) or to the mail archives for private lists. Discovery 2005-01-02 Entry 2005-02-12 mailman ja-mailman < 2.1.5_2 CVE-2005-0202 http://marc.theaimsgroup.com/?l=full-disclosure&m=110797575304304 |
f47f2746-12c5-11dd-bab7-0016179b2dd5 | mailman -- script insertion vulnerability Secunia reports: Discovery 2008-02-05 Entry 2008-04-25 ja-mailman mailman mailman-with-htdig < 2.1.10 CVE-2008-0564 27630 http://www.ubuntu.com/usn/usn-586-1 http://secunia.com/advisories/28794 http://sourceforge.net/project/shownotes.php?release_id=593924 |
fffa9257-3c17-11db-86ab-00123ffe8333 | mailman -- Multiple Vulnerabilities Secunia reports: Discovery 2006-06-09 Entry 2006-09-04 Modified 2006-10-04 mailman ja-mailman mailman-with-htdig < 2.1.9.r1 19831 CVE-2006-2191 CVE-2006-2941 CVE-2006-3636 CVE-2006-4624 http://secunia.com/advisories/21732/ http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295 |