Lucene search
K

56 matches found

Tenable Nessus
Tenable Nessus
added 2025/07/25 12:0 a.m.4 views

NewStart CGSL MAIN 7.02 : postfix Vulnerability (NS-SA-2025-0159)

The remote NewStart CGSL host, running version MAIN 7.02, has postfix packages installed that are affected by a vulnerability: - Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other...

5.3CVSS5.8AI score0.02598EPSS
Exploits4References3
BDU FSTEC
BDU FSTEC
added 2024/01/10 12:0 a.m.10 views

The vulnerability of the Postfix mail server’s smtpd service allows attackers to circumvent security restrictions and carry out email substitution attacks (type of SMTP Smuggling attack).

The vulnerability of the Postfix mail server’s smtp daemon is related to insufficient verification of data authenticity when processing line endings other than . Exploiting this vulnerability allows a malicious actor to bypass security restrictions and replace emails a type of SMTP smuggling atta...

5.3CVSS5.9AI score0.02598EPSS
Exploits4References16Affected Software6
Tenable Nessus
Tenable Nessus
added 2024/01/10 12:0 a.m.26 views

Fedora 38 : postfix (2024-5c186175f2)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5c186175f2 advisory. Security fix for CVE-2023-51764. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.3CVSS5.7AI score0.02598EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2023/12/29 12:0 a.m.41 views

SUSE SLED15: postfix / postfix-bdb / postfix-bdb-lmdb / postfix-devel / etc (SUSE-SU-2023:4981-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4981-1 advisory. - CVE-2023-51764: Fixed new SMTP smuggling attack bsc1218304. Tenable has extracted the preceding...

5.3CVSS6.1AI score0.02598EPSS
Exploits4References5
OSV
OSV
added 2023/12/24 5:15 a.m.9 views

AZL-32296 CVE-2023-51764 affecting package postfix for versions less than 3.7.0-3

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...

5.3CVSS6AI score0.02598EPSS
Exploits4References1
BDU FSTEC
BDU FSTEC
added 2023/10/30 12:0 a.m.8 views

The vulnerability in the postfix package of operating systems OpenSUSE Leap, SUSE Linux Enterprise Server for SAP Applications, Suse Linux Enterprise Server, and Suse Linux Enterprise Desktop allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability in the postfix package of operating systems OpenSUSE Leap, SUSE Linux Enterprise Server for SAP Applications, Suse Linux Enterprise Server, and Suse Linux Enterprise Desktop is related to an incorrect definition of links before accessing a file. Exploiting this vulnerability can...

7.8CVSS7.1AI score0.00286EPSS
Exploits1References4Affected Software4
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.4 views

SUSE CVE-2003-0540

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service lock via 1 a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or 2 v...

5CVSS6.8AI score0.21261EPSS
Exploits4References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.5 views

SUSE CVE-2008-2936

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...

6.2CVSS7AI score0.01001EPSS
Exploits6References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.4 views

SUSE CVE-2008-3889

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service application slowdown or exit via a crafted command, as...

2.1CVSS6.5AI score0.00707EPSS
Exploits6References4
Veracode
Veracode
added 2020/04/10 12:56 a.m.24 views

Information Disclosure

postfix is vulnerable to information disclosure. It was discovered that Postfix did not properly check the permissions of users' mailbox files. A local attacker able to create files in the mail spool directory could use this flaw to create mailbox files for other local users, and be able to read...

1.9CVSS1.4AI score0.0036EPSS
Exploits0References23Affected Software1
RedHat Linux
RedHat Linux
added 2019/02/18 4:55 p.m.7 views

libdb: Reads DB_CONFIG from the current working directory

Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DBCONFIG in the current directory...

7.8CVSS7.4AI score0.00567EPSS
Exploits1References4
OSV
OSV
added 2018/04/16 5:29 p.m.5 views

CVE-2017-10140

Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DBCONFIG in the current directory...

7.8CVSS7.7AI score
Exploits0References4
OSV
OSV
added 2011/05/13 5:5 p.m.7 views

CVE-2011-1720

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service...

6.8CVSS8.4AI score0.21646EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.22 views

Ubuntu 7.10 / 8.04 LTS : postfix vulnerability (USN-642-1)

Wietse Venema discovered that Postfix leaked internal file descriptors when executing non-Postfix commands. A local attacker could exploit this to cause Postfix to run out of descriptors, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description...

2.1CVSS5.4AI score0.00707EPSS
Exploits6References2
Cvelist
Cvelist
added 2008/11/06 11:0 a.m.21 views

CVE-2008-4977

postfixgroups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/postfixgroups.stdout, 2 /tmp/postfixgroups.stderr, and 3 /tmp/postfixgroups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue...

6.2AI score0.00374EPSS
Exploits1References5
exploitpack
exploitpack
added 2008/08/31 12:0 a.m.35 views

Postfix 2.6-20080814 - symlink Local Privilege Escalation

Postfix 2.6-20080814 - symlink Local Privilege Escalation !/bin/sh "rspocfix.sh" PoC for Postfix local root vulnerability: CVE-2008-2936 by Roman Medina-Heigl Hernandez a.k.a. RoMaNSoFt Tested: Ubuntu / Debian Madrid, 30.Aug.2008 Config writabledir=/tmp spooldir=/var/mail Use "postconf...

6.2CVSS0.5AI score0.01001EPSS
Exploits6
UbuntuCve
UbuntuCve
added 2008/08/18 7:41 p.m.28 views

CVE-2008-2936

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...

6.2CVSS5.8AI score0.01001EPSS
Exploits6References2
OSV
OSV
added 2008/08/18 7:41 p.m.6 views

CVE-2008-2936

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...

6.2AI score
Exploits0References33
OSV
OSV
added 2008/08/18 7:41 p.m.5 views

CVE-2008-2937

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name...

5.8AI score
Exploits0References20
OSV
OSV
added 2005/05/02 4:0 a.m.9 views

CVE-2005-0337

Postfix 2.1.3, when /proc/net/ifinet6 is not available and permitmxbackup is enabled in smtpdrecipientrestrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname...

6.5AI score
Exploits0References7
Rows per page
Query Builder