82 matches found
Zimbra Collaboration - Unrestricted File Upload
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
EUVD-2007-1667
Malware in sbrugna...
EUVD-2002-1097
Malware in sbrugna...
EUVD-1999-1493
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-28054
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict relative to some mail user agents when...
CVE-2024-28054
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict relative to some mail user agents when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware...
CVE-2022-41352
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole extraction to /opt/zimbra/jetty/webapps/zimbra/public that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also,...
The vulnerability of the MIME-tools content-filtering email system, specifically Amavis, arises from improper access control. This allows attackers to escalate their privileges.
The vulnerability of the MIME-tools content-filtering email filtering component, such as Amavis, is related to interpretation conflicts. This occurs when an email message contains multiple boundary parameters. Exploiting this vulnerability can allow a malicious actor to enhance their privileges...
ROS-20240611-03
A vulnerability in the MIME-tools component of the open-source content filter for Amavis email is related to an interpretation conflict when a MIME email message has multiple boundary parameters. Exploitation of the vulnerability could allow an attacker acting remotely to elevate the privileges...
Updated amavisd-new packages fix security vulnerability
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict relative to some mail user agents when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware...
Fedora 40 : amavis (2024-8bbcae6af2)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8bbcae6af2 advisory. Update to version 2.13.1 Fix CVE-2024-28054 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora: Security Advisory for amavis (FEDORA-2024-1d87055861)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-8bbcae6af2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-3cf9eb64ba)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: amavis-2.13.1-1.fc39
amavis is a high-performance and reliable interface between mailer MTA and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via ESMTP or LMTP, or by using helper...
[SECURITY] Fedora 38 Update: amavis-2.13.1-1.fc38
amavis is a high-performance and reliable interface between mailer MTA and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via ESMTP or LMTP, or by using helper...
[SECURITY] Fedora 40 Update: amavis-2.13.1-1.fc40
amavis is a high-performance and reliable interface between mailer MTA and one or more content checkers: virus scanners, and/or Mail::SpamAssassin Perl module. It is written in Perl, assuring high reliability, portability and maintainability. It talks to MTA via ESMTP or LMTP, or by using helper...
Fedora 39 : amavis (2024-3cf9eb64ba)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3cf9eb64ba advisory. Update to version 2.13.1 Fix CVE-2024-28054 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
Fedora 38 : amavis (2024-1d87055861)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1d87055861 advisory. Update to version 2.13.1 Fix CVE-2024-28054 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...
DEBIAN-CVE-2024-28054
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict relative to some mail user agents when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware...