Lucene search
+L

18 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.25 views

RHEL 6 : mailman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 - mailman:...

7.7AI score0.02698EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2020:1301-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7AI score0.02698EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2021/02/22 12:0 a.m.21 views

Huawei EulerOS: Security Advisory for mailman (EulerOS-SA-2021-1326)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.2AI score0.02698EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/01/19 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for mailman (EulerOS-SA-2021-1096)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.2AI score0.02698EPSS
Exploits1References2
Oracle linux
Oracle linux
added 2020/11/10 12:0 a.m.39 views

mailman:2.1 security and bug fix update

3:2.1.29-10 - Fix match patter to reduce false allocation 3:2.1.29-9 - Fix for CVE-2020-12137 3:2.1.29-8 - Drop unversioned python from comments. 3:2.1.29-7 - Change attr of /etc/mailman 3:2.1.29-6 - Update run directory references 1805954 - fix 1188043 - set 2775 permission for /etc/mailman...

6.1CVSS2.4AI score0.02288EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/11/04 12:0 a.m.40 views

RHEL 8 : mailman:2.1 (RHSA-2020:4667)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:4667 advisory. Mailman is a program used to help manage e-mail discussion lists. Security Fixes: mailman: XSS via file attachments in list archives CVE-2020-12137 F...

6.1CVSS6.8AI score0.02288EPSS
Exploits0References10
AlmaLinux
AlmaLinux
added 2020/11/03 12:25 p.m.30 views

Moderate: mailman:2.1 security and bug fix update

Mailman is a program used to help manage e-mail discussion lists. Security Fixes: mailman: XSS via file attachments in list archives CVE-2020-12137 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page...

4.3CVSS0.2AI score0.02288EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/10/30 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for mailman (EulerOS-SA-2020-2256)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS5.9AI score0.02698EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/10/23 12:0 a.m.17 views

openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:1707-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.4AI score0.02698EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/05/15 12:0 a.m.24 views

Fedora: Security Advisory for mailman (FEDORA-2020-20b748e81e)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1CVSS6.7AI score0.02288EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/05/14 12:0 a.m.30 views

Fedora 31 : 3:mailman (2020-69f2f1d987)

New version v2.1.30 Security fix for CVE-2020-12137 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

6.1CVSS6.7AI score0.02288EPSS
Exploits0References2
Debian
Debian
added 2020/05/03 10:49 a.m.50 views

[SECURITY] [DLA 2200-1] mailman security update

Package : mailman Version : 1:2.1.18-2+deb8u5 CVE ID : CVE-2020-12137 A vulnerability was discovered in mailman. GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, becau...

6.1CVSS6.4AI score0.02288EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/04/30 5:41 p.m.37 views

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

6.1CVSS1.7AI score0.02288EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/04/30 12:0 a.m.28 views

Ubuntu 16.04 LTS / 18.04 LTS : Mailman vulnerabilities (USN-4348-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4348-1 advisory. It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this to issue execute arbitrary scripts or...

6.5CVSS6.9AI score0.02541EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2020/04/29 2:40 p.m.64 views

USN-4348-1: Mailman vulnerabilities

It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this to issue execute arbitrary scripts or HTML. CVE-2018-0618 It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text o...

6.5CVSS6.8AI score0.02541EPSS
Exploits0
Debian
Debian
added 2020/04/26 11:58 a.m.67 views

[SECURITY] [DSA 4664-1] mailman security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4664-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst April 26, 2020 https://www.debian.org/security/faq -...

6.1CVSS6.4AI score0.02288EPSS
Exploits0
Cvelist
Cvelist
added 2020/04/24 12:37 p.m.26 views

CVE-2020-12137

GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...

6.4AI score0.02288EPSS
Exploits0References11
CVE
CVE
added 2020/04/24 12:37 p.m.310 views

CVE-2020-12137

CVE-2020-12137 affects GNU Mailman 2.x up to version 2.1.30. The root cause is using the .obj extension for scrubbed application/octet-stream MIME parts, which can trigger MIME sniffing and lead to XSS in list-archive visitors when HTTP replies lack a MIME type. The connected advisories indicate ...

6.1CVSS6.1AI score0.02288EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder