256 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-12137
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against...
RHEL 6 : mailman (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 - mailman:...
Amazon Linux 2 : mailman (ALAS-2023-2370)
The version of mailman installed on the remote host is prior to 2.1.15-30. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2370 advisory. In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for...
Rocky Linux 8 : mailman:2.1 (RLSA-2021:1751)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1751 advisory. - /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. CVE-2020-12108 - GNU Mailman before 2.1.33 allows arbitrary content...
Oracle Linux 7 : mailman (ELSA-2020-1054)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1054 advisory. - Resolves: 1599692 - Sanitize input on listinfo page CVE-2018-0618 Tenable has extracted the preceding description block directly from the Oracle Linu...
Oracle Linux 8 : mailman:2.1 (ELSA-2021-4826)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4826 advisory. - Fix for CVE-2021-42096 - Fix for CVE-2021-42097 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...
SUSE CVE-2010-3089
Multiple cross-site scripting XSS vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving 1 the list information field or 2 the list description field...
SUSE CVE-2011-0707
Multiple cross-site scripting XSS vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 full name or 2 username field in a confirmation message...
SUSE CVE-2016-7123
Cross-site request forgery CSRF vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators...
SUSE CVE-2018-13796
An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site...
SUSE CVE-2020-12108
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection...
SUSE CVE-2020-15011
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...
SUSE CVE-2021-40347
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...
SUSE CVE-2021-42096
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, and may be useful in conducting a brute-force attack against that password...
SUSE CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
SUSE CVE-2021-43332
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...
OESA-2022-1931 mailman security update
Mailman is free software for managing electronic mail discussion and e-newsletter lists. Mailman is integrated with the web, making it easy for users to manage their accounts and for list owners to administer their lists. Mailman supports built-in archiving, automatic bounce processing, content...
SUSE SLES12 Security Update : mailman (SUSE-SU-2022:1886-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1886-1 advisory. - GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, an...
GHSA-V83X-78Q3-GR2J GNU Mailman Postorius Access Control Issues
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...
GNU Mailman Postorius Access Control Issues
An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...