16 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-43332
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentiall...
RHEL 7 : mailman (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: XSS in Cgi/options.py via crafted URL CVE-2021-43331 - mailman: a list moderator can crack the...
SUSE CVE-2021-43332
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...
Debian: Security Advisory (DLA-3049-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3049-1] mailman security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3049-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler June 09, 2022 https://wiki.debian.org/LTS -...
SUSE SLES12 Security Update : mailman (SUSE-SU-2022:1886-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1886-1 advisory. - GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, an...
SUSE: Security Advisory (SUSE-SU-2022:1886-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5151-2: Mailman vulnerabilities
USN-5151-1 fixed several vulnerabilities in Mailman. This update provides the corresponding update for Ubuntu 20.04 ESM. Original advisory details: It was discovered that Mailman incorrectly handled certain URL. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-43331 I...
Security fix for the ALT Linux 9 package mailman version 5:2.1.37-alt1
5:2.1.37-alt1 built Nov. 19, 2021 Dmitry V. Levin in task 289143 Nov. 13, 2021 Dmitry V. Levin - 2.1.36 - 2.1.37 fixes bug in the fix for CVE-2021-43332...
Ubuntu: Security Advisory (USN-5151-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5151-1: Mailman vulnerabilities
It was discovered that Mailman incorrectly handled certain URL. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-43331 It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information...
Mailman < 2.1.36 Multiple Vulnerabilities
Mailman is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gnu:mailman"; ifdescription...
Security fix for the ALT Linux 9 package mailman version 5:2.1.36-alt1
Nov. 13, 2021 Konstantin Lepikhov 5:2.1.36-alt1 - Updated to 2.1.36. - Security fixes: + CVE-2021-43331: A potential XSS attack via the user options. + CVE-2021-43332: A potential for for a list moderator to carry out an off-line brute force attack to obtain the list admin password...
CVE-2021-43332
Removed by vendor...
CVE-2021-43332
CVE-2021-43332 affects GNU Mailman before 2.1.36. The CSRF token on Cgi/admindb.py admindb page contains an encrypted version of the list admin password, which could potentially be cracked by a moderator via offline brute-force. Documents correlate this with other Mailman issues (e.g., CVE-2021-4...
mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password
Mark Sapiro reports: A potential XSS attack via the user options page has been reported by Harsh Jaiswal. This is fixed. CVE-2021-43331 LP: 1949401. A potential for for a list moderator to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas...