Lucene search
K

256 matches found

Veracode
Veracode
added 2021/10/25 3:38 a.m.29 views

Privilege Escalation

GNU Mailman allows remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin e.g., for account takeover...

8CVSS5.2AI score0.01289EPSS
Exploits0References6Affected Software3
Veracode
Veracode
added 2021/10/25 3:38 a.m.31 views

Privilege Escalation

GNU Mailman is vulnerable to allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, and may be useful in conducting a brute-force attack against that password...

4.3CVSS4.5AI score0.0121EPSS
Exploits0References6Affected Software3
Tenable Nessus
Tenable Nessus
added 2021/10/23 12:0 a.m.38 views

Debian DSA-4991-1 : mailman - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-4991 advisory. - /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. CVE-2020-12108 - GNU Mailman before 2.1.33 allows arbitrary content injection...

8.5CVSS6.7AI score0.02698EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2021/10/22 12:0 a.m.32 views

Ubuntu 16.04 ESM / 18.04 LTS : Mailman vulnerabilities (USN-5121-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5121-1 advisory. Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross- site request forgery CSRF tokens to...

8.5CVSS6.5AI score0.01289EPSS
Exploits0References3
NVD
NVD
added 2021/10/21 1:15 a.m.21 views

CVE-2021-42096

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, and may be useful in conducting a brute-force attack against that password...

4.3CVSS0.0121EPSS
Exploits0References4
NVD
NVD
added 2021/10/21 1:15 a.m.13 views

CVE-2021-42097

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin e.g., for account takeover...

8.5CVSS0.01289EPSS
Exploits0References4
OSV
OSV
added 2021/10/21 1:15 a.m.1 views

CVE-2021-42097

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin e.g., for account takeover...

8CVSS5.8AI score0.01289EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/10/21 1:15 a.m.2 views

CVE-2021-42097

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin e.g., for account takeover...

8.5CVSS6.9AI score0.01289EPSS
Exploits0References6
CVE
CVE
added 2021/10/21 12:45 a.m.238 views

CVE-2021-42097

GNU Mailman 2.1.x before 2.1.35 is affected by a CSRF/token bypass vulnerability (CVE-2021-42097) where a csrf_token value is not bound to a single user, enabling a CSRF attack against an admin that can lead to admin account takeover. The issue arises from CSRF protection weaknesses on the user o...

8.5CVSS7.5AI score0.01289EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/10/21 12:40 a.m.239 views

CVE-2021-42096

CVE-2021-42096 affects GNU Mailman before 2.1.35 where a CSRF token is derived from the admin password, enabling offline brute-force attacks and contributing to remote privilege escalation. Related advisories (CVE-2021-42097, CVE-2021-44227) describe additional CSRF/token issues and password-rela...

4.3CVSS5.6AI score0.0121EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/10/21 12:40 a.m.24 views

CVE-2021-42096

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, and may be useful in conducting a brute-force attack against that password...

6.2AI score0.0121EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/21 12:0 a.m.2 views

GNU Mailman 跨站请求伪造漏洞

GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software integrates with Web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, content...

8.5CVSS7.1AI score0.01289EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2021/10/21 12:0 a.m.2 views

PT-2021-23524 · Unknown +8 · Gnu Mailman +8

Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.35 Description: The issue allows remote Privilege Escalation. A csrf token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, an...

8.8CVSS6.7AI score0.02698EPSS
Exploits1References80
OSV
OSV
added 2021/10/21 12:0 a.m.3 views

UBUNTU-CVE-2021-42097

GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin e.g., for account takeover...

8CVSS7AI score0.01289EPSS
Exploits0References6
PyPA
PyPA
added 2021/09/10 7:15 p.m.9 views

PYSEC-2021-319

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.5CVSS6.9AI score0.01176EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2021/09/10 7:15 p.m.3 views

UBUNTU-CVE-2021-40347

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.4CVSS6AI score0.01176EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2021/09/10 7:15 p.m.27 views

CVE-2021-40347

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.5CVSS6.1AI score0.01176EPSS
Exploits1References3
OSV
OSV
added 2021/09/10 7:15 p.m.17 views

PYSEC-2021-319

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.5CVSS2.9AI score0.01176EPSS
Exploits1References7
Cvelist
Cvelist
added 2021/09/10 6:17 p.m.38 views

CVE-2021-40347

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.4AI score0.01176EPSS
Exploits1References6
CVE
CVE
added 2021/09/10 6:17 p.m.75 views

CVE-2021-40347

The CVE-2021-40347 issue affects GNU Mailman Postorius (views/list.py) for versions before 1.3.5. An authenticated attacker can send a crafted POST request to unsubscribe any user from a mailing list and can reveal whether that address was subscribed. Remediation: upgrade Postorius to 1.3.5 or ne...

5.5CVSS5AI score0.01176EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder