CVE-2026-43964

A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...

OESA-2026-2291 postfix security update

Postfix is a Mail Transport Agent MTA. Security Fixes: Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.CVE-2026-43964...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Postfix vulnerability (USN-8253-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8253-1 advisory. Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use...

USN-8253-1 postfix vulnerability

Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use this issue to cause Postfix to crash, resulting in a denial of service...

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

Linux Distros Unpatched Vulnerability : CVE-2026-43964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks te...

MiracleLinux 9 : postfix-3.5.25-1.el9 (AXSA:2024-9252:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9252:01 advisory. postfix: SMTP smuggling vulnerability CVE-2023-51764 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 3 : postfix-2.3.3-2.9AXS3 (AXSA:2008-88:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-88:01 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, and TLS. CVE-2008-2936: Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and...

MiracleLinux 4 : postfix-2.6.6-2.1.AXS4 (AXSA:2011-159:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-159:01 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS Security issues fixed with this release: CVE-2011-0411 The STARTTLS implementation...

EUVD-2008-3875

Malware in sbrugna...

EUVD-2003-0462

Malware in sbrugna...

EUVD-2004-0923

Malware in sbrugna...

EUVD-2008-2929

Malware in sbrugna...

EUVD-2008-2930

Malware in sbrugna...

NewStart CGSL MAIN 7.02 : postfix Vulnerability (NS-SA-2025-0159)

The remote NewStart CGSL host, running version MAIN 7.02, has postfix packages installed that are affected by a vulnerability: - Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other...

Fedora 38 : postfix (2024-5c186175f2)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5c186175f2 advisory. Security fix for CVE-2023-51764. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postfix (SUSE-SU-2023:4981-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4981-1 advisory. - Postfix through 3.8.4 allows SMTP smuggling unless configured with...

AZL-32296 CVE-2023-51764 affecting package postfix for versions less than 3.7.0-3

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...

SUSE CVE-2003-0540

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service lock via 1 a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or 2 v...

SUSE CVE-2008-2936

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...