| Bug | Description |
|---|
| CVE-2021-44227 | In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ... |
| CVE-2021-43332 | In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ... |
| CVE-2021-43331 | In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user ... |
| CVE-2021-42097 | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ... |
| CVE-2021-42096 | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A cer ... |
| CVE-2020-15011 | GNU Mailman before 2.1.33 allows arbitrary content injection via the C ... |
| CVE-2020-12137 | GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ... |
| CVE-2020-12108 | /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ... |
| CVE-2018-13796 | An issue was discovered in GNU Mailman before 2.1.28. A crafted URL ca ... |
| CVE-2018-5950 | Cross-site scripting (XSS) vulnerability in the web UI in Mailman befo ... |
| CVE-2018-0618 | Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allow ... |
| CVE-2016-7123 | Cross-site request forgery (CSRF) vulnerability in the admin web inter ... |
| CVE-2016-6893 | Cross-site request forgery (CSRF) vulnerability in the user options pa ... |
| CVE-2015-2775 | Directory traversal vulnerability in GNU Mailman before 2.1.20, when n ... |
| CVE-2011-0707 | Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py ... |
| CVE-2010-3089 | Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman bef ... |
| CVE-2008-0564 | Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ... |
| CVE-2006-4624 | CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 al ... |
| CVE-2006-3636 | Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ... |
| CVE-2006-2941 | Mailman before 2.1.9rc1 allows remote attackers to cause a denial of s ... |
| CVE-2006-2191 | Format string vulnerability in Mailman before 2.1.9 allows attackers t ... |
| CVE-2006-1712 | Cross-site scripting (XSS) vulnerability in the private archive script ... |
| CVE-2006-0052 | The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, wh ... |
| CVE-2005-4153 | Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial ... |
| CVE-2005-3573 | Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ... |
| CVE-2005-0202 | Directory traversal vulnerability in the true_path function in private ... |
| CVE-2005-0080 | The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ... |
| CVE-2004-1177 | Cross-site scripting (XSS) vulnerability in the driver script in mailm ... |
| CVE-2004-1143 | The password generation in mailman before 2.1.5 generates only 5 milli ... |
| CVE-2004-0412 | Mailman before 2.1.5 allows remote attackers to obtain user passwords ... |
| CVE-2004-0182 | Mailman before 2.0.13 allows remote attackers to cause a denial of ser ... |
| CVE-2003-0992 | Cross-site scripting (XSS) vulnerability in the create CGI script for ... |
| CVE-2003-0991 | Unknown vulnerability in the mail command handler in Mailman before 2. ... |
| CVE-2003-0965 | Cross-site scripting (XSS) vulnerability in the admin CGI script for M ... |
| CVE-2003-0038 | Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ... |
| CVE-2002-0855 | Cross-site scripting vulnerability in Mailman before 2.0.12 allows rem ... |
| CVE-2002-0388 | Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow re ... |