Index: security/vuxml/vuln-2021.xml =================================================================== --- security/vuxml/vuln-2021.xml +++ security/vuxml/vuln-2021.xml @@ -1,3 +1,38 @@ + + fail2ban -- possible RCE vulnerability in mailing action using mailutils + + + py36-fail2ban + py37-fail2ban + py38-fail2ban + py39-fail2ban + py310-fail2ban + 0.11.2_3 + + + + +

Jakub Żoczek reports:

+
+

+ Command mail from mailutils package used in mail actions + like mail-whois can execute command if unescaped sequences + (\n~) are available in "foreign" input (for instance in + whois output). +

+
+ +
+ + CVE-2021-32749 + https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm + + + 2021-07-16 + 2021-10-20 + +
+ mailman -- brute-force vuln on list admin password, and CSRF vuln in releases before 2.1.35
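Review bot: The package list at the top of the new entry names py36-fail2ban through py310-fail2ban one by one against the single bound 0.11.2_3, so a fail2ban package built for any Python flavor outside those five will not be matched by this entry. Check the list against the flavors the port currently builds. The markup around 0.11.2_3 is not visible in this rendering of the diff, so also confirm the range is a strict less-than. If 0.11.2_3 is the port revision that carries the fix, an inclusive bound would flag the fixed package as vulnerable. The discovery date (2021-07-16) and entry date (2021-10-20) are in the right order, and the references carry both the CVE id and the upstream advisory URL. Running make validate in security/vuxml before commit will catch any structural problem this view hides.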