SUSE CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

OPENSUSE-SU-2026:10707-1 postfix-3.11.2-1.1 on GA media

These are all security issues fixed in the postfix-3.11.2-1.1 package on the GA media of openSUSE Tumbleweed...

PT-2026-38524

These are all security issues fixed in the postfix-3.11.2-1.1 package on the GA media of openSUSE Tumbleweed...

UBUNTU-CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

CVE-2026-43964

Postfix versions affected by CVE-2026-43964 include 3.8.x prior to 3.8.16, 3.9.x prior to 3.9.10, and 3.10.x prior to 3.10.9. The issue is a buffer over-read that can trigger a process crash when handling an enhanced status code that lacks text after the third number. Multiple advisories (OSV, NV...

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

EUVD-2026-27115

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

PT-2026-36908

Name of the Vulnerable Software and Affected Versions Postfix versions prior to 3.8.16 Postfix versions 3.9 prior to 3.9.10 Postfix versions 3.10 prior to 3.10.9 Description A buffer over-read can occur, potentially leading to a process crash, when an enhanced status code is used that lacks text...

Linux Distros Unpatched Vulnerability : CVE-2026-43964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks te...

Postfix 安全漏洞

Postfix is an open-source mail transfer agent software developed by Postfix. Vulnerabilities existed in versions prior to Postfix 3.8.16, 3.9.10, and 3.10.9. These vulnerabilities stemmed from the lack of text after the third digit in enhanced status codes, which could lead to excessive buffer...

CVE-2026-41232

Froxlor is open source server administration software. Prior to version 2.3.6, in EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to...

GHSA-VMJJ-QR7V-PXM6 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing

Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...

NewStart CGSL MAIN 6.06 (SP) : postfix Multiple Vulnerabilities (NS-SA-2026-0024)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has postfix packages installed that are affected by multiple vulnerabilities: - The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods ar...

MiracleLinux 9 : postfix-3.5.25-1.el9 (AXSA:2024-9252:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9252:01 advisory. postfix: SMTP smuggling vulnerability CVE-2023-51764 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...