Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Opensmtpd Security Vulnerabilities

cve
cve

CVE-2023-29323

ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6...

7.8CVSS

7.5AI Score

0.0004EPSS

2023-04-04 11:15 PM
172
cve
cve

CVE-2020-35679

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex...

7.5CVSS

7.3AI Score

0.004EPSS

2020-12-24 04:15 PM
77
5
cve
cve

CVE-2020-35680

smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between.....

7.5CVSS

7.2AI Score

0.008EPSS

2020-12-24 04:15 PM
76
6
cve
cve

CVE-2020-8793

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in...

4.7CVSS

4.7AI Score

0.001EPSS

2020-02-25 05:15 PM
113
cve
cve

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce....

9.8CVSS

9.4AI Score

0.937EPSS

2020-02-25 05:15 PM
167
In Wild
3
cve
cve

CVE-2020-7247

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration.....

9.8CVSS

9.5AI Score

0.975EPSS

2020-01-29 04:15 PM
1002
In Wild
5
cve
cve

CVE-2015-7687

Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and...

9.8CVSS

9.5AI Score

0.008EPSS

2017-10-16 06:29 PM
27
cve
cve

CVE-2013-2125

OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection...

6.8AI Score

0.009EPSS

2014-05-27 02:55 PM
21