FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 8d65aa3b-31ce-11ec-8c32-a14e8e520dc7
Description: mailman -- brute-force vuln on list admin password, and CSRF vuln in releases before 2.1.35

Mark Sapiro reports:

A potential for a list member to carry out an off-line brute force attack to obtain the list admin password has been reported by Andre Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.

A CSRF attack via the user options page could allow takeover of a user's account. This is fixed.


Discovery 2021-10-18
Entry 2021-10-20
mailman < 2.1.35
mailman-with-htdig < 2.1.35

CVE-2021-42096
CVE-2021-42097
https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/view/1873/NEWS#L8
https://bugs.launchpad.net/mailman/+bug/1947639
https://bugs.launchpad.net/mailman/+bug/1947640