Download
| Alert*
|
oval:org.secpod.oval:def:89043828
This update for mailman fixes the following security vulnerabilities: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user"s browser via specially encoded URLs - Fixed a directory traversal vulnerability in MTA transports ... oval:org.secpod.oval:def:89003352 This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user"s browser via specially encoded URLs - Fixed a directory traversal vulnerability in MTA transports when using the re ... oval:org.secpod.oval:def:503615 Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages * mailman: Mishandled URLs in Utils.py:GetPathPieces allows attackers to display arbitrary text on trusted ... oval:org.secpod.oval:def:63492 mailman: Web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:1601162 Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a tru ... oval:org.secpod.oval:def:705455 mailman: Web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:114900 Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the ... oval:org.secpod.oval:def:2106018 Oracle Solaris 11 - ( CVE-2020-12137 ) oval:org.secpod.oval:def:1504224 [3:2.1.15-30] - Resolves: #1599692 - Sanitize input on listinfo page [3:2.1.15-29] - Resolves: #1611689 - Trim long text in "no such list" messages [3:2.1.15-28] - Resolves: #1718180 - Try to decode member name first [3:2.1.15-27] - Related : #1545973 - Bump release to override rhel-7.4.z version oval:org.secpod.oval:def:1700453 A cross-site scripting vulnerability has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts. An issue was discovered in GNU Mailman before 2.1.28. A crafted ... oval:org.secpod.oval:def:205519 Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages * mailman: Mishandled URLs in Utils.py:GetPathPieces allows attackers to display arbitrary text on trusted ... |
