858 matches found

Tenable Nessus
added 2020/05/01 12:0 a.m., 28 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libdb (EulerOS-SA-2020-1535)

According to the version of the libdb packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain...

CVSS 7.8 | AI score 7.3 | EPSS 0.00567
Exploits 1 | References 2

CNVD
added 2020/04/26 12:0 a.m., 3 views

Postfix Data Forgery Issue Vulnerability

Postfix is an open source mail transfer agent. A security vulnerability exists in Postfix version 2.10.1-7. An attacker can exploit the vulnerability to send mail by spoofing the sender...

CVSS 5.3 | AI score 6.8 | EPSS 0.00935
Exploits 1 | References 1

OSV
added 2020/04/24 12:15 p.m., 1 view

CVE-2020-12063

A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/senderlogin feature is used, because a spoofe...

CVSS 5.3 | AI score 6.1 | EPSS 0.00935
Exploits 1 | References 2

NVD
added 2020/04/24 12:15 p.m., 15 views

CVE-2020-12063

A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/senderlogin feature is used, because a spoofe...

CVSS 5.3 | AI score 5.2 | EPSS 0.00935
Exploits 1 | References 2

UbuntuCve
added 2020/04/24 12:15 p.m., 18 views

CVE-2020-12063

A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/senderlogin feature is used, because a spoofe...

CVSS 5.3 | AI score 6.1 | EPSS 0.00935
Exploits 1 | References 3

Prion
added 2020/04/24 12:15 p.m., 23 views

Design/Logic Flaw

A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/senderlogin feature is used, because a spoofe...

CVSS 5 | AI score 5.1 | EPSS 0.00935
Exploits 1 | References 2 | Affected Software 1

CVE
added 2020/04/24 11:59 a.m., 72 views

CVE-2020-12063

The CVE-2020-12063 issue affects Postfix 2.10.1-7 and enables spoofed outbound mail via a homoglyph attack (30F) that resembles a configured sender when /etc/postfix/sender_login is used. Multiple connected sources (SUSE, Red Hat, UB Ubuntu/BPO feeds) confirm that an attacker could send mail fr...

CVSS 5.3 | AI score 5.2 | EPSS 0.00935
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2020/04/24 11:59 a.m., 12 views

CVE-2020-12063

A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/senderlogin feature is used, because a spoofe...

AI score 5.2 | EPSS 0.00935
Exploits 1 | References 2

Positive Technologies
added 2020/04/24 12:0 a.m., 3 views

PT-2020-13021 · Postfix · Postfix

Name of the Vulnerable Software and Affected Versions: Postfix version 2.10.1-7 Description: The issue allows an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of xcexbf to the 'o' character. This is potentially relevant when t...

CVSS 5.3 | AI score 6.5 | EPSS 0.00935
Exploits 1 | References 5

Veracode
added 2020/04/10 1:2 a.m., 27 views

Arbitrary Code Execution

postfix is vulnerable to arbitrary code execution. A heap-based buffer over-read flaw was found in the way Postfix performed SASL handlers management for SMTP sessions, when Cyrus SASL authentication was enabled. A remote attacker could use this flaw to cause the Postfix smtpd server to crash via...

CVSS 6.8 | AI score 2.1 | EPSS 0.21646
Exploits 1 | References 21 | Affected Software 1

Veracode
added 2020/04/10 12:56 a.m., 23 views

Information Disclosure

postfix is vulnerable to information disclosure. It was discovered that Postfix did not properly check the permissions of users' mailbox files. A local attacker able to create files in the mail spool directory could use this flaw to create mailbox files for other local users, and be able to read...

CVSS 1.9 | AI score 1.4 | EPSS 0.0036
Exploits 0 | References 23 | Affected Software 1

Veracode
added 2020/04/10 12:54 a.m., 36 views

Command Injection

postfix is vulnerable to command injection. It was discovered that Postfix did not flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim's session during the plain text...

CVSS 6.8 | AI score 1.9 | EPSS 0.16334
Exploits 1 | References 25 | Affected Software 1

Veracode
added 2020/04/10 12:26 a.m., 24 views

Privilege Escalation

postfix is vulnerable to privilege escalation. A flaw was found in the way Postfix dereferences symbolic links. If a local user has write access to a mail spool directory with no root mailbox, it may be possible for them to append arbitrary data to files that root has write permission to...

CVSS 6.2 | AI score 2.6 | EPSS 0.01001
Exploits 6 | References 415 | Affected Software 1

Veracode
added 2020/01/23 2:58 a.m., 15 views

Incorrect Query Responses

postfix-mta-sts-resolver provides incorrect query responses. This can happen due to improper parsing of query responses from the daemon under some conditions, resulting in an effective STS policy downgrade...

CVSS 6.9 | AI score 4 | EPSS 0.00671
Exploits 0 | References 3 | Affected Software 1

OpenVAS
added 2020/01/23 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for postfix (EulerOS-SA-2018-1205)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.8 | EPSS 0.00567
Exploits 1 | References 2

OpenVAS
added 2020/01/23 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2019-1974)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.8 | EPSS 0.00567
Exploits 1 | References 2

OpenVAS
added 2020/01/23 12:0 a.m., 13 views

Huawei EulerOS: Security Advisory for postfix (EulerOS-SA-2018-1204)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.8 | EPSS 0.00567
Exploits 1 | References 2

OSV
added 2020/01/22 2:15 a.m., 16 views

CVE-2019-16791

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy...

CVSS 5.9 | AI score 5.8
Exploits 0 | References 2

NVD
added 2020/01/22 2:15 a.m., 6 views

CVE-2019-16791

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy...

CVSS 6.9 | AI score 6.7 | EPSS 0.00671
Exploits 0 | References 2

UbuntuCve
added 2020/01/22 2:15 a.m., 14 views

CVE-2019-16791

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy...

CVSS 6.9 | AI score 6.6 | EPSS 0.00671
Exploits 0 | References 3