Download
| Alert*
|
oval:org.secpod.oval:def:89046360
This update for mailman fixes the following issues: - CVE-2021-44227: Preventing list moderator or list member accessing the admin UI . - CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token . - CVE-2021-43331: Fixed XSS in Cgi/options.py . - CVE- ... oval:org.secpod.oval:def:1701973 In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked b ... oval:org.secpod.oval:def:706222 mailman: Web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:2107170 Oracle Solaris 11 - ( CVE-2021-43332 ) oval:org.secpod.oval:def:76599 mailman: Web-based mailing list manager Several security issues were fixed in Mailman. |
