Vulnerabilities > Sympa > Sympa > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-10 | CVE-2020-26932 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products: debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group). | 4.3 |
2018-09-06 | CVE-2018-1000671 | Open Redirect vulnerability in multiple products: sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action. | 5.8 |
2015-01-22 | CVE-2015-1306 | Information Exposure vulnerability in Sympa: The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2008-10-07 | CVE-2008-4476 | Link Following vulnerability in Sympa 5.3.4: sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. | 6.9 |
2008-04-02 | CVE-2008-1648 | Improper Input Validation vulnerability in Sympa: Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. | 5.0 |
2004-08-21 | CVE-2004-1735 | HTML Injection vulnerability in Sympa New List: Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field. | 4.3 |