16973 matches found
CVE-2021-43332
CVE-2021-43332 affects GNU Mailman before 2.1.36. The CSRF token on Cgi/admindb.py admindb page contains an encrypted version of the list admin password, which could potentially be cracked by a moderator via offline brute-force. Documents correlate this with other Mailman issues (e.g., CVE-2021-4...
CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
CVE-2021-43331
Removed by vendor...
CVE-2021-43331
GNU Mailman before 2.1.36 is affected. A crafted URL to the Cgi/options.py user options page can trigger cross-site scripting (XSS) by executing arbitrary JavaScript. Public sources confirm fixes in Mailman 2.1.36 and later; apply the upgrade to mitigate. The documentation also references related...
[SECURITY] Fedora 35 Update: q-7.11-44.fc35
Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced application...
GNU Mailman Cross-Site Scripting Vulnerability
GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software can be integrated with Web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, conte...
PT-2021-5364 · Unknown +4 · Gnu Mailman +4
Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.36 Description: The issue is related to a crafted URL to the "Cgi/options.py" user options page, which can execute arbitrary JavaScript for XSS. This is due to inadequate protection of the web page structure....
PT-2021-5365 · Unknown +4 · Gnu Mailman +4
Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.36 Description: The issue is related to insufficient restriction of authentication attempts in GNU Mailman, allowing a remote attacker to bypass authentication by guessing the administrator's password using a...
Apache HTTP Server 2.4.50 - Remote Code Execution Exploit (3)
Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 3 Exploit Author: Valentin Lobstein Vendor Homepage: https://apache.org/ Software Link: https://github.com/Balgogan/CVE-2021-41773 Version: Apache 2.4.49/2.4.50 CGI enabled Tested on: Debian GNU/Linux CVE : CVE-2021-41773 /...
Apache HTTP Server 2.4.50 Remote Code Execution
Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 3 Date: 11/11/2021 Exploit Author: Valentin Lobstein Vendor Homepage: https://apache.org/ Software Link: https://github.com/Balgogan/CVE-2021-41773 Version: Apache 2.4.49/2.4.50 CGI enabled Tested on: Debian GNU/Linux CVE :...
EulerOS 2.0 SP5 : compat-glibc (EulerOS-SA-2021-2653)
According to the versions of the compat-glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when...
Mozilla Firefox Security Advisory (MFSA2012-90) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6), when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system...
Cross-Site Scripting (XSS)
GNU Mailman is vulnerable to cross-site scripting. The vulnerability exists due to HTTP reply from an archive web server lacking a MIME type, and a web browser performing MIME sniffing may conclude that the MIME type should have been text/html, and execute JavaScript code...
RLSA-2021:4386 Low: gcc security and bug fix update
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 (GNU), as well as related support libraries. Security Fixes: libiberty: Integer overflow in demangle_template function (CVE-2018-20673) For more details about the security issues, including the impact, a CVSS score,...
Low: gcc security and bug fix update
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 (GNU), as well as related support libraries. Security Fixes: libiberty: Integer overflow in demangle_template function (CVE-2018-20673) For more details about the security issues, including the impact, a CVSS score,...
Unspecified Vulnerability in GNU Hurd (CNVD-2021-100614)
GNU Hurd is a GNU project replacement for the Unix kernel. It is used to implement file systems, network protocols, file access control, and other features implemented by the Unix kernel or similar kernels such as Linux. A security vulnerability exists in GNU Hurd, which originated in GNU Hurd...
GNU Hurd has an unspecified vulnerability (CNVD-2021-100612)
GNU Hurd is a GNU project replacement for the Unix kernel. A security vulnerability exists in GNU Hurd, which stems from the fact that in versions of GNU Hurd prior to 0.9 20210404-9 each person who maps a file shares a page navigation port, allowing anyone to modify any file they can read. any...
GNU Hurd has an unspecified vulnerability (CNVD-2021-100615)
GNU Hurd is a GNU project replacement for the Unix kernel. It is used to implement the file system, network protocols, file access control, and other features implemented by the Unix kernel or similar kernels such as Linux. GNU Hurd has a security vulnerability that could be exploited by an attacker to...
GNU Hurd has unspecified vulnerabilities
GNU Hurd is a GNU project replacement for the Unix kernel. It is used to implement the file system, network protocols, file access control, and other features implemented by the Unix kernel or similar kernels such as Linux. GNU Hurd suffers from a security vulnerability that stems from the use of...