Lucene search
K

255 matches found

OpenVAS
OpenVAS
added 2021/11/15 12:0 a.m.28 views

Mailman < 2.1.36 Multiple Vulnerabilities

Mailman is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gnu:mailman"; ifdescription...

6.5CVSS6.8AI score0.01284EPSS
Exploits0References1
OSV
OSV
added 2021/11/12 9:15 p.m.2 views

CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

6.5CVSS6.7AI score0.01072EPSS
Exploits0References3
OSV
OSV
added 2021/11/12 9:15 p.m.4 views

CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

6.1CVSS6.8AI score0.01284EPSS
Exploits0References3
NVD
NVD
added 2021/11/12 9:15 p.m.23 views

CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

6.5CVSS0.01072EPSS
Exploits0References3
NVD
NVD
added 2021/11/12 9:15 p.m.25 views

CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

6.1CVSS0.01284EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/11/12 9:15 p.m.2 views

CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

6.1CVSS6.9AI score0.01284EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2021/11/12 9:15 p.m.30 views

CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

6.5CVSS6.7AI score0.01072EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2021/11/12 9:15 p.m.4 views

CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

6.5CVSS6.5AI score0.01072EPSS
Exploits0References5
Prion
Prion
added 2021/11/12 9:15 p.m.31 views

Cross site scripting

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

4.3CVSS6.5AI score0.01284EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2021/11/12 9:15 p.m.2 views

UBUNTU-CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

6.1CVSS7AI score0.01284EPSS
Exploits0References6
OSV
OSV
added 2021/11/12 9:15 p.m.1 views

UBUNTU-CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

6.5CVSS6.8AI score0.01072EPSS
Exploits0References6
CVE
CVE
added 2021/11/12 8:45 p.m.104 views

CVE-2021-43332

CVE-2021-43332 affects GNU Mailman before 2.1.36. The CSRF token on Cgi/admindb.py admindb page contains an encrypted version of the list admin password, which could potentially be cracked by a moderator via offline brute-force. Documents correlate this with other Mailman issues (e.g., CVE-2021-4...

6.5CVSS6.4AI score0.01072EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/11/12 8:44 p.m.117 views

CVE-2021-43331

GNU Mailman before 2.1.36 is affected. A crafted URL to the Cgi/options.py user options page can trigger cross-site scripting (XSS) by executing arbitrary JavaScript. Public sources confirm fixes in Mailman 2.1.36 and later; apply the upgrade to mitigate. The documentation also references related...

6.1CVSS6.5AI score0.01284EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/11/12 8:44 p.m.24 views

CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

6.9AI score0.01284EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2021/11/12 8:44 p.m.33 views

CVE-2021-43331

Removed by vendor...

6.1CVSS6.7AI score0.01284EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/11/12 12:0 a.m.5 views

PT-2021-5364 · Unknown +4 · Gnu Mailman +4

Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.36 Description: The issue is related to a crafted URL to the "Cgi/options.py" user options page, which can execute arbitrary JavaScript for XSS. This is due to inadequate protection of the web page structure....

8.8CVSS6.8AI score0.01289EPSS
Exploits0References46
Positive Technologies
Positive Technologies
added 2021/11/12 12:0 a.m.4 views

PT-2021-5365 · Unknown +4 · Gnu Mailman +4

Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.36 Description: The issue is related to insufficient restriction of authentication attempts in GNU Mailman, allowing a remote attacker to bypass authentication by guessing the administrator's password using a...

8.8CVSS6.5AI score0.01289EPSS
Exploits0References45
CNNVD
CNNVD
added 2021/11/12 12:0 a.m.3 views

GNU Mailman 跨站脚本漏洞

GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software can be integrated with Web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, conte...

6.1CVSS5.6AI score0.01284EPSS
Exploits0References8
Veracode
Veracode
added 2021/11/09 1:50 p.m.32 views

Cross-Site Scripting (XSS)

GNU Mailman is vulnerable to cross-site scripting. The vulnerability exists due to HTTP reply from an archive web server lacking a MIME type, and a web browser performing MIME sniffing may conclude that the MIME type should have been text/html, and execute JavaScript code...

6.1CVSS0.2AI score0.02288EPSS
Exploits0References14Affected Software1
Veracode
Veracode
added 2021/10/25 3:38 a.m.29 views

Privilege Escalation

GNU Mailman allows remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin e.g., for account takeover...

8CVSS5.2AI score0.01289EPSS
Exploits0References6Affected Software3
Rows per page
Query Builder