Download
| Alert*
|
oval:org.secpod.oval:def:506613
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover * mailman: CSRF token derived from admin password allows offline brute-force attack For more details about the security issue, including ... oval:org.secpod.oval:def:1505340 [3:2.1.29-12.2] - Fix for CVE-2021-44227 - Resolves: #2026871 [3:2.1.29-12.1] - Fix for CVE-2021-42096 - Fix for CVE-2021-42097 - Resolves: #2021139, #2020692 oval:org.secpod.oval:def:89046360 This update for mailman fixes the following issues: - CVE-2021-44227: Preventing list moderator or list member accessing the admin UI . - CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token . - CVE-2021-43331: Fixed XSS in Cgi/options.py . - CVE- ... oval:org.secpod.oval:def:4501300 Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover * mailman: CSRF token derived from admin password allows offline brute-force attack For more details about the security issue, including ... oval:org.secpod.oval:def:75995 mailman: Web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:706192 mailman: Web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:1505289 [3:2.1.29-12.1] - Fix for CVE-2021-42096 - Fix for CVE-2021-42097 - Resolves: #2021139, #2020692 oval:org.secpod.oval:def:2106857 Oracle Solaris 11 - ( CVE-2021-42097 ) oval:org.secpod.oval:def:2500443 Mailman is a program used to help manage e-mail discussion lists. oval:org.secpod.oval:def:605659 Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page. oval:org.secpod.oval:def:706201 mailman: Web-based mailing list manager Details: USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. In addition, the following CVEs were fixed: It was discovered that Mailman allows arbitrary content injection. An attacker could use this ... oval:org.secpod.oval:def:76357 mailman: Web-based mailing list manager Details: USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Linux Mint 20.x LTS. In addition, the following CVEs were fixed: It was discovered that Mailman allows arbitrary content injection. An attacker could use t ... oval:org.secpod.oval:def:75883 Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page. |
