Debian DSA-4991-1 : mailman - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-4991 advisory. - /options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. CVE-2020-12108 - GNU Mailman before 2.1.33 allows arbitrary content injection...
CLSA-2021-1634922609 Fixed CVEs in glibc: CVE-2021-38604, CVE-2021-35942, CVE-2021-33574
Adopt pthreadattrcopy functionality, test case is included - CVE-2021-33574: avoid use-after-free vulnerability - CVE-2021-35942: avoid out-of-bounds read via signed integer overflow in array index - CVE-2021-38604: considered. No NULL pointer dereference is possible...
Ubuntu 16.04 ESM / 18.04 LTS : Mailman vulnerabilities (USN-5121-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5121-1 advisory. Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman did not properly associate cross-site request forgery (CSRF) tokens to...
CVE-2021-42097
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin e.g., for account takeover...
CVE-2021-42096
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, and may be useful in conducting a brute-force attack against that password...
CVE-2021-42097
GNU Mailman 2.1.x before 2.1.35 is affected by a CSRF/token bypass vulnerability (CVE-2021-42097) where a csrf_token value is not bound to a single user, enabling a CSRF attack against an admin that can lead to admin account takeover. The issue arises from CSRF protection weaknesses on the user o...
CVE-2021-42096
CVE-2021-42096 affects GNU Mailman before 2.1.35 where a CSRF token is derived from the admin password, enabling offline brute-force attacks and contributing to remote privilege escalation. Related advisories (CVE-2021-42097, CVE-2021-44227) describe additional CSRF/token issues and password-rela...
GNU Mailman Cross-Site Request Forgery Vulnerability
GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software integrates with Web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, content...
UBUNTU-CVE-2021-42097
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin e.g., for account takeover...
openSUSE 15 Security Update : util-linux (openSUSE-SU-2021:3474-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:3474-1 advisory. - DISPUTED An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources...
openSUSE: Security Advisory for ncurses (openSUSE-SU-2021:3490-1)
The remote host is missing an update for the referenced advisory. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for mediawiki (FEDORA-2021-56d8173b5e)
The remote host is missing an update for the referenced advisory. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for mediawiki (FEDORA-2021-eee8b7514f)
The remote host is missing an update for the referenced advisory. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
PT-2021-23524 · Unknown +8 · Gnu Mailman +8
Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.35 Description: The issue allows remote Privilege Escalation. A csrf token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, an...
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs
Summary Cloud Pak for Security CP4S v1.7.2.0 and earlier uses packages that are vulnerable to several CVEs. These issues have been addressed in an update. See the Fixes section below for instructions. Vulnerability Details CVEID: CVE-2020-24332 DESCRIPTION: TrouSerS could allow a remote...
openSUSE: Security Advisory for ssh-audit (openSUSE-SU-2021:1383-1)
The remote host is missing an update for the referenced advisory. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Solaris 10 (x86) : 122260-10
SunOS 5.10 x86: SunFreeware GNU ESP Ghostscript Patch. Date this patch was last updated by Sun: Oct/18/21. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...
Solaris 10 (sparc) : 122259-10
SunOS 5.10: SunFreeware GNU ESP Ghostscript Patch. Date this patch was last updated by Sun: Oct/18/21. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...