Lucene search
GoogleOSV:USN-5121-1HistoryOct 22, 2021 - 5:47 a.m.
mailman vulnerabilities
2021-10-2205:47:18
Google
osv.dev
7
mailman
csrf
token association
brute force
admin password
vulnerability
remote attack
Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman
did not properly associate cross-site request forgery (CSRF) tokens
to specific accounts. A remote attacker could use this to perform a
CSRF attack to gain access to another account. (CVE-2021-42097)
Andre Protas, Richard Cloke, and Andy Nuttall discovered that Mailman’s
cross-site request forgery (CSRF) tokens for the options page are
derived from the admin password. A remote attacker could possibly use
this to assist in performing a brute force attack against the admin
password. (CVE-2021-42096)
Related
altlinux
altlinux
Security fix for the ALT Linux 9 package mailman version 5:2.1.35-alt1
2021-11-06 00:00:00
osv
osv
mailman - security update
2021-10-23 00:00:00
Important: mailman:2.1 security update
2021-11-23 20:17:35
Important: mailman:2.1 security update
2021-11-23 20:17:35
oraclelinux
oraclelinux
mailman:2.1 security update
2021-11-24 00:00:00
mailman security update
2021-12-03 00:00:00
redhat
redhat
(RHSA-2021:4837) Important: mailman:2.1 security update
2021-11-24 08:16:24
(RHSA-2021:4826) Important: mailman:2.1 security update
2021-11-23 20:17:35
(RHSA-2021:4839) Important: mailman:2.1 security update
2021-11-24 08:16:29
nessus
nessus
openSUSE 15 Security Update : mailman (openSUSE-SU-2021:1436-1)
2021-11-03 00:00:00
AlmaLinux 8 : mailman:2.1 (ALSA-2021:4826)
2022-02-09 00:00:00
RHEL 8 : mailman:2.1 (RHSA-2021:4839)
2021-11-29 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2791-1)
2021-10-24 00:00:00
Ubuntu: Security Advisory (USN-5121-1)
2021-10-23 00:00:00
Mailman < 2.1.35 Multiple Vulnerabilities
2021-10-26 00:00:00
ubuntu
ubuntu
Mailman vulnerabilities
2021-10-22 00:00:00
Mailman vulnerabilities
2021-11-01 00:00:00
suse
suse
Security update for mailman (important)
2021-11-02 00:00:00
Security update for mailman (important)
2021-11-05 00:00:00
almalinux
almalinux
Important: mailman:2.1 security update
2021-11-23 20:17:35
freebsd
freebsd
debian
debian
[SECURITY] [DLA 2791-1] mailman security update
2021-10-23 16:53:58
[SECURITY] [DSA 4991-1] mailman security update
2021-10-22 18:24:25
[SECURITY] [DSA 4991-1] mailman security update
2021-10-22 18:24:25
rocky
rocky
mailman:2.1 security update
2021-11-23 20:17:35
cve
cve
CVE-2021-42097
2021-10-21 01:15:06
CVE-2021-42096
2021-10-21 01:15:06
redhatcve
redhatcve
CVE-2021-42096
2021-11-05 10:37:52
CVE-2021-42097
2021-11-05 10:26:01
cvelist
cvelist
CVE-2021-42096
2021-10-21 00:40:34
CVE-2021-42097
2021-10-21 00:45:13
nvd
nvd
CVE-2021-42096
2021-10-21 01:15:06
CVE-2021-42097
2021-10-21 01:15:06
prion
prion
Cross site request forgery (csrf)
2021-10-21 01:15:00
Default credentials
2021-10-21 01:15:00
veracode
veracode
Privilege Escalation
2021-10-25 03:38:35
Privilege Escalation
2021-10-25 03:38:34
ubuntucve
ubuntucve
CVE-2021-42096
2021-10-21 00:00:00
CVE-2021-42097
2021-10-21 00:00:00
debiancve
debiancve
CVE-2021-42097
2021-10-21 01:15:06
CVE-2021-42096
2021-10-21 01:15:06
amazon
amazon
Important: mailman
2022-01-18 21:37:00
centos
centos
mailman security update
2021-12-02 23:53:20