92 matches found
[SECURITY] Fedora 43 Update: postfix-3.10.10-1.fc43
Postfix is a Mail Transport Agent MTA...
Exim 安全漏洞
Exim is an open-source message transfer agent MTA developed by Exim Software, running on Unix systems. It primarily handles the routing, forwarding, and delivery of emails. Versions of Exim from 4.88 to 4.99.4 contained security vulnerabilities. These vulnerabilities stemmed from improper handlin...
Astra Linux - уязвимость в exim4
Exim 4 before 4.94.2 allowed out-of-bounds read vulnerabilities. The smtpsetupmsg function may disclose sensitive information from the process memory to an unauthenticated SMTP client...
Debian dsa-6265 : exim4 - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6265 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6265-1 [email protected]...
[SECURITY] Fedora 43 Update: exim-4.99.2-1.fc43
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
[SECURITY] Fedora 44 Update: exim-4.99.2-1.fc44
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
OESA-2026-2209 postfix security update
Postfix is a Mail Transport Agent MTA. Security Fixes: Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.CVE-2026-43964...
SUSE CVE-2026-28387
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
SUSE CVE-2026-27859
A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...
CVE-2026-27859
A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...
CVE-2026-27859
A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...
CVE-2026-27859
A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...
CVE-2026-27859
A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...
[SECURITY] Fedora 43 Update: exim-4.99.1-1.fc43
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
Linux Distros Unpatched Vulnerability : CVE-2020-8794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerabilit...
SUSE CVE-2002-0985
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA e.g. sendmail in the 5th argument to mail, altering MTA behavior and possibly executing commands...
AZL-49024 CVE-2024-23184 affecting package dovecot 2.3.20-1
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
DEBIAN-CVE-2024-23185
Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "fullvalue" buffer out of the smaller chunks. The fullvalue buffer has no si...
DEBIAN-CVE-2024-23184
Having a large number of address headers From, To, Cc, Bcc, etc. becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors...
UBUNTU-CVE-2024-23185
Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "fullvalue" buffer out of the smaller chunks. The fullvalue buffer has no si...