Lucene search
K

16 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2021-43332

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentiall...

6.5CVSS6.7AI score0.01072EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.27 views

RHEL 7 : mailman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: XSS in Cgi/options.py via crafted URL CVE-2021-43331 - mailman: a list moderator can crack the...

7.1AI score0.01284EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.4 views

SUSE CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

7.4CVSS6.9AI score0.01072EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/06/10 12:0 a.m.18 views

Debian: Security Advisory (DLA-3049-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.5AI score0.01284EPSS
Exploits0References4
Debian
Debian
added 2022/06/09 10:14 a.m.35 views

[SECURITY] [DLA 3049-1] mailman security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3049-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler June 09, 2022 https://wiki.debian.org/LTS -...

8.8CVSS8.7AI score0.01284EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/06/01 12:0 a.m.30 views

SUSE SLES12 Security Update : mailman (SUSE-SU-2022:1886-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1886-1 advisory. - GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, an...

8.8CVSS6.7AI score0.01284EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2022/06/01 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2022:1886-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.2AI score0.01284EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2021/11/25 12:32 p.m.41 views

USN-5151-2: Mailman vulnerabilities

USN-5151-1 fixed several vulnerabilities in Mailman. This update provides the corresponding update for Ubuntu 20.04 ESM. Original advisory details: It was discovered that Mailman incorrectly handled certain URL. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-43331 I...

6.5CVSS7.3AI score0.01284EPSS
Exploits0
ALT Linux
ALT Linux
added 2021/11/19 12:0 a.m.32 views

Security fix for the ALT Linux 9 package mailman version 5:2.1.37-alt1

5:2.1.37-alt1 built Nov. 19, 2021 Dmitry V. Levin in task 289143 Nov. 13, 2021 Dmitry V. Levin - 2.1.36 - 2.1.37 fixes bug in the fix for CVE-2021-43332...

4CVSS6.8AI score0.01072EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/11/19 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-5151-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.7AI score0.01284EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2021/11/18 1:55 p.m.73 views

USN-5151-1: Mailman vulnerabilities

It was discovered that Mailman incorrectly handled certain URL. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-43331 It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information...

6.5CVSS7.2AI score0.01284EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/11/15 12:0 a.m.28 views

Mailman < 2.1.36 Multiple Vulnerabilities

Mailman is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gnu:mailman"; ifdescription...

6.5CVSS6.8AI score0.01284EPSS
Exploits0References1
ALT Linux
ALT Linux
added 2021/11/13 12:0 a.m.42 views

Security fix for the ALT Linux 9 package mailman version 5:2.1.36-alt1

Nov. 13, 2021 Konstantin Lepikhov 5:2.1.36-alt1 - Updated to 2.1.36. - Security fixes: + CVE-2021-43331: A potential XSS attack via the user options. + CVE-2021-43332: A potential for for a list moderator to carry out an off-line brute force attack to obtain the list admin password...

4.3CVSS6.4AI score0.01284EPSS
Exploits0
Debian CVE
Debian CVE
added 2021/11/12 8:45 p.m.29 views

CVE-2021-43332

Removed by vendor...

6.5CVSS6.8AI score0.01072EPSS
Exploits0
CVE
CVE
added 2021/11/12 8:45 p.m.105 views

CVE-2021-43332

CVE-2021-43332 affects GNU Mailman before 2.1.36. The CSRF token on Cgi/admindb.py admindb page contains an encrypted version of the list admin password, which could potentially be cracked by a moderator via offline brute-force. Documents correlate this with other Mailman issues (e.g., CVE-2021-4...

6.5CVSS6.4AI score0.01072EPSS
Exploits0References3Affected Software1
FreeBSD
FreeBSD
added 2021/11/01 12:0 a.m.34 views

mailman -- 2.1.37 fixes XSS via user options, and moderator offline brute-force vuln against list admin password

Mark Sapiro reports: A potential XSS attack via the user options page has been reported by Harsh Jaiswal. This is fixed. CVE-2021-43331 LP: 1949401. A potential for for a list moderator to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas...

6.5CVSS6.5AI score0.01284EPSS
Exploits0References3
Rows per page
Query Builder