| Max CVSS | 7.2 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-26932 | 4.0 |
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)
|
08-11-2022 - 13:54 | 10-10-2020 - 18:15 | |
| CVE-2020-10936 | 7.2 |
Sympa before 6.2.56 allows privilege escalation.
|
08-11-2022 - 03:47 | 27-05-2020 - 18:15 | |
| CVE-2020-29668 | 4.3 |
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
|
26-04-2022 - 16:12 | 10-12-2020 - 08:15 | |
| CVE-2020-9369 | 5.0 |
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
|
01-01-2022 - 19:28 | 24-02-2020 - 18:15 |