Lucene search
K

256 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2020-12137

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against...

6.1CVSS6.7AI score0.02288EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.24 views

RHEL 6 : mailman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 - mailman:...

7.7AI score0.02698EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2023/12/04 12:0 a.m.27 views

Amazon Linux 2 : mailman (ALAS-2023-2370)

The version of mailman installed on the remote host is prior to 2.1.15-30. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2370 advisory. In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for...

6.5CVSS7AI score0.01284EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.18 views

Rocky Linux 8 : mailman:2.1 (RLSA-2021:1751)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1751 advisory. - /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. CVE-2020-12108 - GNU Mailman before 2.1.33 allows arbitrary content...

6.5CVSS6.5AI score0.02698EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.27 views

Oracle Linux 7 : mailman (ELSA-2020-1054)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1054 advisory. - Resolves: 1599692 - Sanitize input on listinfo page CVE-2018-0618 Tenable has extracted the preceding description block directly from the Oracle Linu...

6.5CVSS6.3AI score0.02541EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.25 views

Oracle Linux 8 : mailman:2.1 (ELSA-2021-4826)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4826 advisory. - Fix for CVE-2021-42096 - Fix for CVE-2021-42097 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...

8.5CVSS6.7AI score0.01289EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:57 a.m.3 views

SUSE CVE-2010-3089

Multiple cross-site scripting XSS vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving 1 the list information field or 2 the list description field...

3.5CVSS5.7AI score0.01973EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:54 a.m.5 views

SUSE CVE-2011-0707

Multiple cross-site scripting XSS vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 full name or 2 username field in a confirmation message...

4.3CVSS5.9AI score0.04248EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:58 a.m.4 views

SUSE CVE-2016-7123

Cross-site request forgery CSRF vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators...

8.8CVSS8.9AI score0.0153EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.4 views

SUSE CVE-2018-13796

An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...

4.3CVSS8.8AI score0.02541EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.3 views

SUSE CVE-2020-12108

/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection...

4.3CVSS7AI score0.02698EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.5 views

SUSE CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...

6.5CVSS7.5AI score0.01888EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.4 views

SUSE CVE-2021-40347

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.4CVSS5.3AI score0.01176EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.2 views

SUSE CVE-2021-42096

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, and may be useful in conducting a brute-force attack against that password...

5.3CVSS7AI score0.0121EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.3 views

SUSE CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

7.1CVSS7.2AI score0.01284EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.4 views

SUSE CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

7.4CVSS6.9AI score0.01072EPSS
Exploits0References4
OSV
OSV
added 2022/09/23 11:4 a.m.2 views

OESA-2022-1931 mailman security update

Mailman is free software for managing electronic mail discussion and e-newsletter lists. Mailman is integrated with the web, making it easy for users to manage their accounts and for list owners to administer their lists. Mailman supports built-in archiving, automatic bounce processing, content...

8.8CVSS7.3AI score0.01284EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/06/01 12:0 a.m.30 views

SUSE SLES12 Security Update : mailman (SUSE-SU-2022:1886-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1886-1 advisory. - GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, an...

8.8CVSS6.7AI score0.01284EPSS
Exploits0References13
OSV
OSV
added 2022/05/24 7:14 p.m.14 views

GHSA-V83X-78Q3-GR2J GNU Mailman Postorius Access Control Issues

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.4CVSS5AI score0.01176EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2022/05/24 7:14 p.m.20 views

GNU Mailman Postorius Access Control Issues

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.5CVSS5.1AI score0.01176EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder