18 matches found
RHEL 6 : mailman (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 - mailman:...
SUSE: Security Advisory (SUSE-SU-2020:1301-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for mailman (EulerOS-SA-2021-1326)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for mailman (EulerOS-SA-2021-1096)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
mailman:2.1 security and bug fix update
3:2.1.29-10 - Fix match patter to reduce false allocation 3:2.1.29-9 - Fix for CVE-2020-12137 3:2.1.29-8 - Drop unversioned python from comments. 3:2.1.29-7 - Change attr of /etc/mailman 3:2.1.29-6 - Update run directory references 1805954 - fix 1188043 - set 2775 permission for /etc/mailman...
RHEL 8 : mailman:2.1 (RHSA-2020:4667)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:4667 advisory. Mailman is a program used to help manage e-mail discussion lists. Security Fixes: mailman: XSS via file attachments in list archives CVE-2020-12137 F...
Moderate: mailman:2.1 security and bug fix update
Mailman is a program used to help manage e-mail discussion lists. Security Fixes: mailman: XSS via file attachments in list archives CVE-2020-12137 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page...
Huawei EulerOS: Security Advisory for mailman (EulerOS-SA-2020-2256)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:1707-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for mailman (FEDORA-2020-20b748e81e)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : 3:mailman (2020-69f2f1d987)
New version v2.1.30 Security fix for CVE-2020-12137 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
[SECURITY] [DLA 2200-1] mailman security update
Package : mailman Version : 1:2.1.18-2+deb8u5 CVE ID : CVE-2020-12137 A vulnerability was discovered in mailman. GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, becau...
CVE-2020-12137
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...
Ubuntu 16.04 LTS / 18.04 LTS : Mailman vulnerabilities (USN-4348-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4348-1 advisory. It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this to issue execute arbitrary scripts or...
USN-4348-1: Mailman vulnerabilities
It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this to issue execute arbitrary scripts or HTML. CVE-2018-0618 It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text o...
[SECURITY] [DSA 4664-1] mailman security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4664-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst April 26, 2020 https://www.debian.org/security/faq -...
CVE-2020-12137
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...
CVE-2020-12137
CVE-2020-12137 affects GNU Mailman 2.x up to version 2.1.30. The root cause is using the .obj extension for scrubbed application/octet-stream MIME parts, which can trigger MIME sniffing and lead to XSS in list-archive visitors when HTTP replies lack a MIME type. The connected advisories indicate ...