Lucene search
K

16 matches found

nessus
nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2021-43331

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. CVE-2021-43331 Note that Nessus...

6.1CVSS6.7AI score0.01284EPSS
Exploits0References2
nessus
nessus
added 2024/05/11 12:0 a.m.24 views

RHEL 6 : mailman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 - mailman:...

7.7AI score0.02698EPSS
Exploits1References10
nessus
nessus
added 2024/05/11 12:0 a.m.27 views

RHEL 7 : mailman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: XSS in Cgi/options.py via crafted URL CVE-2021-43331 - mailman: a list moderator can crack the...

7.1AI score0.01284EPSS
Exploits0References2
susecve
susecve
added 2023/02/15 3:37 a.m.3 views

SUSE CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

7.1CVSS7.2AI score0.01284EPSS
Exploits0References4
openvas
openvas
added 2022/06/10 12:0 a.m.18 views

Debian: Security Advisory (DLA-3049-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.5AI score0.01284EPSS
Exploits0References4
debian
debian
added 2022/06/09 10:14 a.m.36 views

[SECURITY] [DLA 3049-1] mailman security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3049-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler June 09, 2022 https://wiki.debian.org/LTS -...

8.8CVSS8.7AI score0.01284EPSS
Exploits0
openvas
openvas
added 2022/06/01 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2022:1886-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.2AI score0.01284EPSS
Exploits0References7
nessus
nessus
added 2022/06/01 12:0 a.m.30 views

SUSE SLES12 Security Update : mailman (SUSE-SU-2022:1886-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1886-1 advisory. - GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, an...

8.8CVSS6.7AI score0.01284EPSS
Exploits0References13
redhatcve
redhatcve
added 2021/11/29 7:32 a.m.31 views

CVE-2021-43331

A flaw was found in mailman in the Cgi/options.py user options page. This flaw allows a malicious attacker to carry out a Cross-site Scripting attack by providing a crafted URL as input, leading to the execution of arbitrary JavaScript code. The highest threat from this vulnerability is...

6.1CVSS3.1AI score0.01284EPSS
Exploits0References4
ubuntu
ubuntu
added 2021/11/25 12:32 p.m.41 views

USN-5151-2: Mailman vulnerabilities

USN-5151-1 fixed several vulnerabilities in Mailman. This update provides the corresponding update for Ubuntu 20.04 ESM. Original advisory details: It was discovered that Mailman incorrectly handled certain URL. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-43331 I...

6.5CVSS7.3AI score0.01284EPSS
Exploits0
openvas
openvas
added 2021/11/19 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-5151-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.01284EPSS
Exploits0References4
ubuntu
ubuntu
added 2021/11/18 1:55 p.m.73 views

USN-5151-1: Mailman vulnerabilities

It was discovered that Mailman incorrectly handled certain URL. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-43331 It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information...

6.5CVSS7.2AI score0.01284EPSS
Exploits0References2
openvas
openvas
added 2021/11/15 12:0 a.m.28 views

Mailman < 2.1.36 Multiple Vulnerabilities

Mailman is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gnu:mailman"; ifdescription...

6.5CVSS6.8AI score0.01284EPSS
Exploits0References1
altlinux
altlinux
added 2021/11/13 12:0 a.m.56 views

Security fix for the ALT Linux 9 package mailman version 5:2.1.36-alt1

Nov. 13, 2021 Konstantin Lepikhov 5:2.1.36-alt1 - Updated to 2.1.36. - Security fixes: + CVE-2021-43331: A potential XSS attack via the user options. + CVE-2021-43332: A potential for for a list moderator to carry out an off-line brute force attack to obtain the list admin password...

4.3CVSS6.4AI score0.01284EPSS
Exploits0
cve
cve
added 2021/11/12 8:44 p.m.117 views

CVE-2021-43331

GNU Mailman before 2.1.36 is affected. A crafted URL to the Cgi/options.py user options page can trigger cross-site scripting (XSS) by executing arbitrary JavaScript. Public sources confirm fixes in Mailman 2.1.36 and later; apply the upgrade to mitigate. The documentation also references related...

6.1CVSS6.5AI score0.01284EPSS
Exploits0References3Affected Software1
freebsd
freebsd
added 2021/11/01 12:0 a.m.34 views

mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password

Mark Sapiro reports: A potential XSS attack via the user options page has been reported by Harsh Jaiswal. This is fixed. CVE-2021-43331 LP: 1949401. A potential for for a list moderator to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas...

6.5CVSS6.5AI score0.01284EPSS
Exploits0References3
Rows per page
Query Builder