FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
88760f4d-8ef7-11ea-a66d-4b2ef158be83mailman -- arbitrary content injection vulnerability via options or private archive login pages

Mark Sapiro reports:

A content injection vulnerability via the options login page has been discovered and reported by Vishal Singh.

An issue similar to CVE-2018-13796 exists at different endpoint & param. It can lead to a phishing attack.

(added 2020-05-07) This is essentially the same as https://bugs.launchpad.net/mailman/+bug/1873722 except the vector is the private archive login page and the attack only succeeds if the list's roster visibility (private_roster) setting is 'Anyone'.


Discovery 2020-04-20
Entry 2020-05-07
mailman
< 2.1.30_4

ge 2.1.31 lt 2.1.33

mailman-with-htdig
< 2.1.30_4

ge 2.1.31 lt 2.1.33

https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1845/NEWS#L8
https://bugs.launchpad.net/mailman/+bug/1873722
https://bugs.launchpad.net/mailman/+bug/1877379
https://mail.python.org/archives/list/mailman-developers@python.org/thread/SYBIZ3MNSQZLKN6PVKO7ZKR7QMOBMS45/
CVE-2018-13796
b4f0ad36-94a5-11e8-9007-080027ac955cmailman -- content spoofing with invalid list names in web UI

Mark Sapiro reports:

A URL with a very long text listname such as

http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text

will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site.

This issue was discovered by Hammad Qureshi.


Discovery 2018-07-09
Entry 2018-07-31
mailman
< 2.1.28

mailman-with-htdig
< 2.1.28

ja-mailman
< 2.1.14.j7_6,1

https://bugs.launchpad.net/mailman/+bug/1780874
https://mail.python.org/pipermail/mailman-announce/2018-July/000241.html
CVE-2018-13796
0d6efbe3-52d9-11ec-9472-e3667ed6088emailman < 2.1.38 -- CSRF vulnerability of list mod or member against list admin page

Mark Sapiro reports:

A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page.


Discovery 2021-11-25
Entry 2021-12-01
mailman
< 2.1.38

mailman-exim4
< 2.1.38

mailman-exim4-with-htdig
< 2.1.38

mailman-postfix
< 2.1.38

mailman-postfix-with-htdig
< 2.1.38

mailman-with-htdig
< 2.1.38

CVE-2021-44227
https://bugs.launchpad.net/mailman/+bug/1952384
https://www.mail-archive.com/mailman-users@python.org/msg73979.html
9d7a2b54-4468-11ec-8532-0d24c37c72c8mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password

Mark Sapiro reports:

A potential XSS attack via the user options page has been reported by Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401).

A potential for for a list moderator to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed. CVE-2021-43332 (LP: #1949403)


Discovery 2021-11-01
Entry 2021-11-13
mailman
< 2.1.37

mailman-exim4
< 2.1.37

mailman-exim4-with-htdig
< 2.1.37

mailman-postfix
< 2.1.37

mailman-postfix-with-htdig
< 2.1.37

mailman-with-htdig
< 2.1.37

CVE-2021-43331
CVE-2021-43332
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1879/NEWS#L8
https://bugs.launchpad.net/mailman/+bug/1949401
https://bugs.launchpad.net/mailman/+bug/1949403
3d0eeef8-0cf9-11e8-99b0-d017c2987f9aMailman -- Cross-site scripting (XSS) vulnerability in the web UI

Mark Sapiro reports:

An XSS vulnerability in the user options CGI could allow a crafted URL to execute arbitrary javascript in a user's browser. A related issue could expose information on a user's options page without requiring login.


Discovery 2018-01-20
Entry 2018-02-08
mailman
< 2.1.26

mailman-with-htdig
< 2.1.26

ja-mailman
le 2.1.14.j7_3,1

https://www.mail-archive.com/mailman-users@python.org/msg70478.html
CVE-2018-5950
739948e3-78bf-11e8-b23c-080027ac955cmailman -- hardening against malicious listowners injecting evil HTML scripts

Mark Sapiro reports:

Existing protections against malicious listowners injecting evil scripts into listinfo pages have had a few more checks added.

A few more error messages have had their values HTML escaped.

The hash generated when SUBSCRIBE_FORM_SECRET is set could have been the same as one generated at the same time for a different list and IP address.


Discovery 2018-03-09
Entry 2018-06-25
mailman
< 2.1.27

mailman-with-htdig
< 2.1.27

ja-mailman
< 2.1.14.j7_5,1

https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/head:/NEWS#L8
https://www.mail-archive.com/mailman-users@python.org/
CVE-2018-0618
8d65aa3b-31ce-11ec-8c32-a14e8e520dc7mailman -- brute-force vuln on list admin password, and CSRF vuln in releases before 2.1.35

Mark Sapiro reports:

A potential for for a list member to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.

A CSRF attack via the user options page could allow takeover of a users account. This is fixed.


Discovery 2021-10-18
Entry 2021-10-20
mailman
< 2.1.35

mailman-with-htdig
< 2.1.35

CVE-2021-42096
CVE-2021-42097
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1873/NEWS#L8
https://bugs.launchpad.net/mailman/+bug/1947639
https://bugs.launchpad.net/mailman/+bug/1947640