1631 matches found
UBUNTU-CVE-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...
CVE-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...
CVE-2022-0741
Removed by vendor...
PT-2022-13403 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE (affected versions not specified). Description: The issue is related to improper input validation in GitLab CE/EE when using sendmail to send emails. This allows an attacker to steal environment variables by using specially crafted...
CVE-2022-0846
The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
AZL-9220 CVE-2021-3618 affecting package sendmail 8.15.2-46
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
Important Photon OS Security Update - PHSA-2022-0469
Updates of 'linux', 'apache-tomcat', 'linux-esx', 'mariadb' packages of Photon OS have been released...
ROS-20220125-08
The Sendmail mail transfer agent vulnerability is related to a logical error in the TLS implementation when working with different protocols but using compatible certificates such as multi-domain or wildcard certificates. Exploitation of the vulnerability could allow an...
Mageia: Security Advisory (MGASA-2014-0270)
The remote host is missing an update for the...
CVE-2021-3584
A server-side remote code execution vulnerability was found in Foreman project. An authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability o...
CVE-2021-3584
CVE-2021-3584 is a server-side remote code execution in the Foreman project. An authenticated attacker can abuse Sendmail configuration options to overwrite defaults and perform command injection, impacting confidentiality, integrity, and availability. According to the primary sources, fixed rele...
PT-2021-21064 · Foreman +2 · Foreman +2
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 2.4.1; Foreman versions prior to 2.5.1; Foreman versions prior to 3.0.0. Description: A server-side remote code execution issue was found in the Foreman project. An authenticated attacker could use Sendmail configuratio...
CVE-2021-40280
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dlsendmail.php...
ZZCMS SQL Injection Vulnerability
ZZCMS is a content management system (CMS) from the Zzcms team in China. ZZCMS is vulnerable to SQL injection, which stems from a missing validation of externally entered SQL statements in the id parameter of admin/dlsendmail.php. An attacker could use this vulnerability to execute illegal SQL...
Security Bulletin: Vulnerability in sendmail impacts AIX (CVE-2014-3956)
Summary: There is a vulnerability in sendmail that impacts AIX. Vulnerability Details: CVEID: CVE-2014-3956. DESCRIPTION: The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users...
CVE-2020-19959
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dlsendmail.php page cookie...