GNU Mailman Cross-Site Scripting Vulnerability (CNVD-2021-88206)

GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software can be integrated with Web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, conte...

openSUSE 15 Security Update : binutils (openSUSE-SU-2021:1475-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1475-1 advisory. Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME fo...

Moderate: Red Hat Security Advisory: devtoolset-11-gcc security update

An update for devtoolset-11-gcc is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

OPENSUSE-SU-2021:1475-1 Security update for binutils

This update for binutils fixes the following issues: Update to binutils 2.37: The GNU Binutils sources now requires a C99 compiler and library to build. Support for Realm Management Extension RME for AArch64 has been added. A new linker option '-z report-relative-reloc' for x86 ELF targets has be...

CVE-2021-43618

GNU Multiple Precision Arithmetic Library GMP through 6.2.1 has an mpz/inpraw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms...

DEBIAN-CVE-2021-43618

GNU Multiple Precision Arithmetic Library GMP through 6.2.1 has an mpz/inpraw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms...

CVE-2021-43618

GNU Multiple Precision Arithmetic Library GMP through 6.2.1 has an mpz/inpraw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms...

CVE-2021-43618

CVE-2021-43618 affects GMP up to version 6.2.1. The issue is an integer overflow in mpz/inp_raw.c that can cause a buffer overflow, leading to a segmentation fault on 32‑bit platforms. Public advisories in multiple distributions confirm a patched release is available (e.g., GMP 6.2.1-2 and newer;...

Gnu Multiple Precision Arithmetic Library 输入验证错误漏洞

Gnu Multiple Precision Arithmetic Library Gmp is a free library for arbitrary precision arithmetic from the Gnu Project. It is used to perform arithmetic on signed integers, rational numbers and floating point numbers. A security vulnerability exists in GNU Multiple Precision Arithmetic Library G...

Mailman < 2.1.36 Multiple Vulnerabilities

Mailman is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gnu:mailman"; ifdescription...

Vulnerabilities fixed in GNU Mailman

The developers of GNU Mailman have fixed two vulnerabilities fixed in GNU Mailman. The vulnerabilities could be exploited by a malicious person to gain access to the administrator password, or to use a cross-site scripting attack to execute code in the scope of the affected browser. To gain acces...

CVE-2021-43618

GNU Multiple Precision Arithmetic Library GMP through 6.2.1 has an mpz/inpraw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms...

CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...

Cross site scripting

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

UBUNTU-CVE-2021-43331

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...

CVE-2021-43332

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack...