Count: 29
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
ELSA-2021-4913 ELSA-2021-4913: mailman security update (IMPORTANT) | | | more than 3 years ago |
CVE-2021-42097 GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). | CVSS3: 8 | 1% Low | more than 3 years ago |
CVE-2021-42097 GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). | CVSS3: 8 | 1% Low | more than 3 years ago |
CVE-2021-42097 GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). | CVSS3: 8 | 1% Low | more than 3 years ago |
CVE-2021-42097 GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ... | CVSS3: 8 | 1% Low | more than 3 years ago |
GHSA-vj65-f4hc-r425 GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). | | 1% Low | about 3 years ago |
openSUSE-SU-2021:1436-1 Security update for mailman | | | more than 3 years ago |
RLSA-2021:4826 Important: mailman:2.1 security update | | | more than 3 years ago |
ELSA-2021-4826 ELSA-2021-4826: mailman:2.1 security update (IMPORTANT) | | | more than 3 years ago |
CVE-2021-44227 In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | CVSS3: 8.8 | 0% Low | more than 3 years ago |
CVE-2021-44227 In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | CVSS3: 8 | 0% Low | more than 3 years ago |
CVE-2021-44227 In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | CVSS3: 8.8 | 0% Low | more than 3 years ago |
CVE-2021-44227 In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ... | CVSS3: 8.8 | 0% Low | more than 3 years ago |
CVE-2016-6893 Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. | CVSS3: 8.8 | 0% Low | almost 9 years ago |
CVE-2016-6893 Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. | CVSS3: 6.5 | 0% Low | almost 9 years ago |
CVE-2016-6893 Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. | CVSS3: 8.8 | 0% Low | almost 9 years ago |
CVE-2016-6893 Cross-site request forgery (CSRF) vulnerability in the user options pa ... | CVSS3: 8.8 | 0% Low | almost 9 years ago |
SUSE-SU-2019:14068-1 Security update for mailman | | 0% Low | about 6 years ago |
SUSE-SU-2018:1638-1 Security update for mailman | | 0% Low | about 7 years ago |
RLSA-2021:4916 Important: mailman:2.1 security update | | 0% Low | more than 3 years ago |