858 matches found
CVE-2023-51764
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...
CVE-2023-51764
Postfix CVE-2023-51764 affects Postfix versions prior to fixed releases (e.g., 3.8.5 and earlier patched lines) and allows SMTP smuggling via non-standard end-of-data handling, enabling spoofed MAIL FROM and SPF bypass. Public advisories (ALMA/AMAZON/Linux distributions and Debian LTS) confirm th...
Postfix Data Forgery Issue Vulnerability
Postfix is an open source mail transfer agent. A data forgery issue vulnerability exists in versions prior to Postfix 3.8.4, which stems from a vulnerability that allows an attacker to bypass the SPF protection mechanism for SMTP smuggling...
[slackware-security] postfix
New postfix packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/postfix-3.6.13-i586-1slack15.0.txz: Upgraded. Security: this release adds support to defend against an email spoofing attack SMTP...
Slackware Linux 15.0 / current postfix Vulnerability (SSA:2023-356-01)
The version of postfix installed on the remote host is prior to 3.6.13 / 3.8.4. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-356-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
GHSA-FJHG-96CP-6FCW Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Description: The latest version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML...
The vulnerability in the postfix package of operating systems OpenSUSE Leap, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Server, and SUSE Linux Enterprise Desktop allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in the postfix package of operating systems OpenSUSE Leap, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Server, and SUSE Linux Enterprise Desktop is related to an incorrect definition of links before accessing a file. Exploiting this vulnerability can...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : postfix (SUSE-SU-2023:3945-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3945-1 advisory. - An Improper Link Resolution Before File Access 'Link Following' vulnerability in SUSE SUSE Linux...
SUSE-SU-2023:3945-1 Security update for postfix
This update for postfix fixes the following issues: Security fixes: - CVE-2023-32182: Fixed config_postfix SUSE specific script using potentially bad /tmp file (bsc#1211196). Other fixes: - postfix: config.postfix causes too tight permission on main.cf (bsc#1215372)...
openSUSE 15 Security Update : postfix (SUSE-SU-2023:3791-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3791-1 advisory. - An Improper Link Resolution Before File Access 'Link Following' vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterpri...
SUSE-SU-2023:3791-1 Security update for postfix
This update for postfix fixes the following issues: Security fixes: - CVE-2023-32182: Fixed config_postfix SUSE specific script using potentially bad /tmp file (bsc#1211196). Other fixes: - postfix: config.postfix causes too tight permission on main.cf (bsc#1215372)...
SUSE: Security Advisory (SUSE-SU-2023:3732-1)
The remote host is missing an update for the ...
SUSE SLES12 Security Update : postfix (SUSE-SU-2023:3732-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3732-1 advisory. - An Improper Link Resolution Before File Access 'Link Following' vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SU...
SUSE-SU-2023:3732-1 Security update for postfix
This update for postfix fixes the following issues: Security fixes: - CVE-2023-32182: Fixed config_postfix SUSE specific script using potentially bad /tmp file (bsc#1211196). Other fixes: - postfix: config.postfix causes too tight permission on main.cf (bsc#1215372)...
CVE-2023-32182
An Improper Link Resolution Before File Access 'Link Following' vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before...
CVE-2023-32182
CVE-2023-32182 describes an improper Link Resolution Before File Access in postfix used by SUSE/OpenSUSE packages (SUSE SLED15/SLES15 SP5 and openSUSE Leap 15.5). The root cause is a link-following issue in the related config_postfix handling that could involve potentially unsafe /tmp usage. Affe...