Vulnerabilities > Sympa > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-31 CVE-2021-46900 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sympa
Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value.
network
low complexity
sympa CWE-327
7.5
2020-10-07 CVE-2020-26880 Improper Privilege Management vulnerability in multiple products
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
local
low complexity
sympa fedoraproject debian CWE-269
7.8
2020-05-27 CVE-2020-10936 Improper Privilege Management vulnerability in multiple products
Sympa before 6.2.56 allows privilege escalation.
local
low complexity
sympa fedoraproject debian canonical CWE-269
7.8
2020-02-24 CVE-2020-9369 Resource Exhaustion vulnerability in multiple products
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
network
low complexity
sympa fedoraproject debian CWE-400
7.5
2018-06-26 CVE-2018-1000550 Path Traversal vulnerability in multiple products
Sympa versions prior to 6.2.32 contain a directory traversal vulnerability in the wwsympa.fcgi template editing function that can result in the possibility to create or modify files on the server filesystem.
network
low complexity
sympa debian CWE-22
7.5
2012-05-31 CVE-2012-2352 Permissions, Privileges, and Access Controls vulnerability in Sympa
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.
network
low complexity
sympa CWE-264
7.5