This page aggregates publicly disclosed CVE and security risk information related to endymion, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2002-0418 | Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter. | [email protected] | 5.0 | 0.27% | 2002-08-12 | 2026-04-16 |
| CVE-2002-0417 | Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs. | [email protected] | 5.0 | 1.16% | 2002-08-12 | 2026-04-16 |
| CVE-2001-0021 | MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter. | [email protected] | 10.0 | 9.54% | 2001-02-16 | 2026-04-16 |
| CVE-1999-0850 | The default permissions for Endymion MailMan allow local users to read email or modify files. | [email protected] | 3.6 | 0.08% | 1999-12-02 | 2026-04-16 |