Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6550-1
HistoryDec 12, 2023 - 12:00 a.m.

PostfixAdmin vulnerabilities

2023-12-1200:00:00
ubuntu.com
16
postfixadmin
ubuntu
vulnerabilities
smarty
moment.js
php injection
arbitrary code
denial of service
cross-site scripting
rfc 2822

7.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.4%

JSON

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • postfixadmin - Virtual mail hosting interface for Postfix

Details

It was discovered that Smarty, that is integrated in the PostfixAdmin
code, was not properly sanitizing user input when generating templates. An
attacker could, through PHP injection, possibly use this issue to execute
arbitrary code. (CVE-2022-29221)

It was discovered that Moment.js, that is integrated in the PostfixAdmin
code, was using an inefficient parsing algorithm when processing date
strings in the RFC 2822 standard. An attacker could possibly use this
issue to cause a denial of service. This issue only affected Ubuntu 22.04
LTS. (CVE-2022-31129)

It was discovered that Smarty, that is integrated in the PostfixAdmin
code, was not properly escaping JavaScript code. An attacker could
possibly use this issue to conduct cross-site scripting attacks (XSS).
(CVE-2023-28447)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchpostfixadmin< 3.3.10-2ubuntu0.1~esm1UNKNOWN
Ubuntu22.04noarchpostfixadmin< 3.3.10-2UNKNOWN
Ubuntu20.04noarchpostfixadmin< 3.2.1-3ubuntu0.1~esm1UNKNOWN
Ubuntu20.04noarchpostfixadmin< 3.2.1-3UNKNOWN
Ubuntu18.04noarchpostfixadmin< 3.0.2-2ubuntu0.1~esm1UNKNOWN
Ubuntu18.04noarchpostfixadmin< 3.0.2-2UNKNOWN

Related

nessus 35
osv 14
openvas 24
fedora 9
cvelist 4
prion 4
github 3
ubuntucve 3
debiancve 3
veracode 3
githubexploit 1
friendsofphp 2
cve 4
debian 3
mageia 4
ubuntu 2
ibm 36
redhat 28
attackerkb 1
hackerone 1
redhatcve 1
huntr 1
atlassian 3
qualysblog 1
freebsd 1
gentoo 1
oracle 5
nessus
nessus
Ubuntu 18.04 ESM / 20.04 ESM / 22.04 ESM : PostfixAdmin vulnerabilities (USN-6550-1)
2023-12-12 00:00:00
Ubuntu 22.04 LTS : Smarty vulnerability (USN-6012-1)
2023-04-13 00:00:00
Fedora 38 : php-Smarty (2023-199edf23f0)
2023-04-15 00:00:00
osv
osv
postfixadmin vulnerabilities
2023-12-12 12:15:17
smarty Cross-site Scripting vulnerability in Javascript escaping
2023-03-29 18:31:35
smarty3 - security update
2022-05-29 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6550-1)
2023-12-13 00:00:00
Fedora: Security Advisory for php-Smarty (FEDORA-2023-4b03f6cd8a)
2023-04-13 00:00:00
Debian: Security Advisory (DLA-3033-1)
2022-06-01 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: php-Smarty-3.1.48-1.fc36
2023-04-12 01:39:15
[SECURITY] Fedora 37 Update: php-Smarty-3.1.48-1.fc37
2023-04-12 01:34:31
[SECURITY] Fedora 38 Update: php-Smarty-3.1.48-1.fc38
2023-04-15 02:15:24
cvelist
cvelist
CVE-2022-29221 PHP Code Injection by malicious block or filename in Smarty
2022-05-24 00:00:00
CVE-2023-28447 Cross site scripting vulnerability in Javascript escaping in smarty/smarty
2023-03-28 20:07:39
CVE-2022-31129 Inefficient Regular Expression Complexity in moment
2022-07-06 00:00:00
prion
prion
Design/Logic Flaw
2023-03-28 21:15:00
Code injection
2022-05-24 15:15:00
Input validation
2022-07-06 18:15:00
github
github
PHP Code Injection by malicious block or filename in Smarty
2022-05-25 20:15:02
smarty Cross-site Scripting vulnerability in Javascript escaping
2023-03-29 18:31:35
Moment.js vulnerable to Inefficient Regular Expression Complexity
2022-07-06 18:38:49
ubuntucve
ubuntucve
CVE-2023-28447
2023-03-28 00:00:00
CVE-2022-29221
2022-05-24 00:00:00
CVE-2022-31129
2022-07-06 00:00:00
debiancve
debiancve
CVE-2023-28447
2023-03-28 21:15:11
CVE-2022-29221
2022-05-24 15:15:00
CVE-2022-31129
2022-07-06 18:15:00
veracode
veracode
Arbitrary Code Injection
2022-05-25 05:09:41
Cross-Site Scripting (XSS)
2023-04-04 11:26:16
Regular Expression Denial Of Service (ReDoS)
2022-07-07 05:14:54
githubexploit
githubexploit
Exploit for Code Injection in Smarty
2022-05-25 06:02:23
friendsofphp
friendsofphp
PHP Code Injection by malicious block or filename
2022-05-17 12:59:00
Cross site scripting vulnerability in Javascript escaping
2023-03-28 19:41:00
cve
cve
CVE-2022-29221
2022-05-24 15:15:00
CVE-2023-28447
2023-03-28 21:15:11
CVE-2022-31129
2022-07-06 18:15:00
debian
debian
[SECURITY] [DLA 3033-1] smarty3 security update
2022-05-29 15:01:41
[SECURITY] [DLA 3295-1] node-moment security update
2023-01-30 21:30:15
[SECURITY] [DSA 5151-1] smarty3 security update
2022-05-29 15:15:10
mageia
mageia
Updated php-smarty packages fix security vulnerability
2022-06-13 23:44:20
Updated php-smarty packages fix security vulnerability
2023-04-24 03:20:26
Updated jupyter-notebook packages fix security vulnerabilities
2024-03-16 04:42:48
ubuntu
ubuntu
Smarty vulnerability
2023-04-13 00:00:00
Moment.js vulnerabilities
2022-08-10 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Moment denial of service (CVE-2022-31129)
2023-02-07 21:32:04
Security Bulletin: IBM TRIRIGA Application Platform discloses denial of service (CVE-2022-31129)
2023-07-28 19:54:53
Security Bulletin: Moment js as used by IBM QRadar Advisor With Watson App is vulnerable to denial of service (CVE-2022-31129)
2023-02-15 13:45:32
redhat
redhat
(RHSA-2022:6392) Important: RHV RHEL Host (ovirt-host) [ovirt-4.5.2] security update
2022-09-08 11:19:30
(RHSA-2022:5915) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.2 security update
2022-08-08 08:18:33
(RHSA-2022:5914) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.1 security update
2022-08-08 08:12:25
attackerkb
attackerkb
CVE-2022-31129
2022-07-06 00:00:00
hackerone
hackerone
Nextcloud: [nextcloud/server] Moment.js vulnerable to Inefficient Regular Expression Complexity
2022-09-26 11:16:15
redhatcve
redhatcve
CVE-2022-31129
2022-07-07 20:44:44
huntr
huntr
Regular Expression Denial of Service (ReDoS)
2022-06-06 11:09:00
atlassian
atlassian
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
2023-10-11 15:26:01
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
2023-10-11 15:26:01
Upgrade moment library to 2.29.2+ for LTS version as required for CVE-2022-24785 and CVE-2022-31129
2023-03-27 07:30:38
qualysblog
qualysblog
Detection of Vulnerabilities in JavaScript Libraries
2023-01-16 11:46:18
freebsd
freebsd
mantis -- multiple vulnerabilities
2023-01-06 00:00:00
gentoo
gentoo
Smarty: Multiple vulnerabilities
2022-09-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00

7.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.4%

JSON
Related for USN-6550-1
nessus35osv14openvas24fedora9cvelist4prion4github3ubuntucve3debiancve3veracode3githubexploit1friendsofphp2cve4debian3mageia4ubuntu2ibm36redhat28attackerkb1hackerone1redhatcve1huntr1atlassian3qualysblog1freebsd1gentoo1oracle5