oval:org.secpod.oval:def:506617
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover * mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover * mailman: CSRF protection missing in the user options pag ...

oval:org.secpod.oval:def:506616
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the ...

oval:org.secpod.oval:def:2500507
Mailman is a program used to help manage e-mail discussion lists.

oval:org.secpod.oval:def:706244
mailman: Web-based mailing list manager. A system hardening measure could be bypassed.

oval:org.secpod.oval:def:4501395
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the ...

oval:org.secpod.oval:def:1505340
[3:2.1.29-12.2] - Fix for CVE-2021-44227 - Resolves: #2026871 [3:2.1.29-12.1] - Fix for CVE-2021-42096 - Fix for CVE-2021-42097 - Resolves: #2021139, #2020692

oval:org.secpod.oval:def:77035
mailman: Web-based mailing list manager. A system hardening measure could be bypassed.

oval:org.secpod.oval:def:2107181
Oracle Solaris 11 - (CVE-2021-44227)

oval:org.secpod.oval:def:89046360
This update for mailman fixes the following issues: - CVE-2021-44227: Preventing list moderator or list member accessing the admin UI. - CVE-2021-43332: Preventing list moderator from cracking the list admin password encrypted in a CSRF token. - CVE-2021-43331: Fixed XSS in Cgi/options.py. - CVE- ...

oval:org.secpod.oval:def:205921
Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover * mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover * mailman: CSRF protection missing in the user options pag ...

oval:org.secpod.oval:def:1700795
Cross-site request forgery vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. A Cross-Site R ...

oval:org.secpod.oval:def:1505339
[3:2.1.15-30.2] - Fix for CVE-2021-44227 - Resolves: #2026866 [3:2.1.15-30.1] - Fix for CVE-2016-6893 - Fix for CVE-2021-42097 - Resolves: #2024884, #2020688