Download
| Alert*
oval:org.secpod.oval:def:506613
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover * mailman: CSRF token derived from admin password allows offline brute-force attack For more details about the security issue, including ... oval:org.secpod.oval:def:506617 Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover * mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover * mailman: CSRF protection missing in the user options pag ... oval:org.secpod.oval:def:1505340 [3:2.1.29-12.2] - Fix for CVE-2021-44227 - Resolves: #2026871 [3:2.1.29-12.1] - Fix for CVE-2021-42096 - Fix for CVE-2021-42097 - Resolves: #2021139, #2020692 oval:org.secpod.oval:def:4501300 Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover * mailman: CSRF token derived from admin password allows offline brute-force attack For more details about the security issue, including ... oval:org.secpod.oval:def:75995 mailman: Web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:706192 mailman: Web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:1505289 [3:2.1.29-12.1] - Fix for CVE-2021-42096 - Fix for CVE-2021-42097 - Resolves: #2021139, #2020692 oval:org.secpod.oval:def:2106857 Oracle Solaris 11 - ( CVE-2021-42097 ) oval:org.secpod.oval:def:2500443 Mailman is a program used to help manage e-mail discussion lists. oval:org.secpod.oval:def:205921 Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover * mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover * mailman: CSRF protection missing in the user options pag ... oval:org.secpod.oval:def:1700795 Cross-site request forgery vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. A Cross-Site R ... oval:org.secpod.oval:def:1505339 [3:2.1.15-30.2] - Fix for CVE-2021-44227 - Resolves: #2026866 [3:2.1.15-30.1] - Fix for CVE-2016-6893 - Fix for CVE-2021-42097 - Resolves: #2024884, #2020688 oval:org.secpod.oval:def:605659 Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page. oval:org.secpod.oval:def:706201 mailman: Web-based mailing list manager Details: USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. In addition, the following CVEs were fixed: It was discovered that Mailman allows arbitrary content injection. An attacker could use this ... oval:org.secpod.oval:def:76357 mailman: Web-based mailing list manager Details: USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Linux Mint 20.x LTS. In addition, the following CVEs were fixed: It was discovered that Mailman allows arbitrary content injection. An attacker could use t ... oval:org.secpod.oval:def:75883 Several vulnerabilities were discovered in mailman, a web-based mailing list manager, which could result in arbitrary content injection via the options and private archive login pages, and CSRF attacks or privilege escalation via the user options page. |