CVE-2026-43964

Postfix versions affected by CVE-2026-43964 include 3.8.x prior to 3.8.16, 3.9.x prior to 3.9.10, and 3.10.x prior to 3.10.9. The issue is a buffer over-read that can trigger a process crash when handling an enhanced status code that lacks text after the third number. Multiple advisories (OSV, NV...

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

EUVD-2026-27115

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

Linux Distros Unpatched Vulnerability : CVE-2026-43964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks te...

PT-2026-36908

Name of the Vulnerable Software and Affected Versions Postfix versions prior to 3.8.16 Postfix versions 3.9 prior to 3.9.10 Postfix versions 3.10 prior to 3.10.9 Description A buffer over-read can occur, potentially leading to a process crash, when an enhanced status code is used that lacks text...

Postfix 安全漏洞

Postfix is an open-source mail transfer agent software developed by Postfix. Vulnerabilities existed in versions prior to Postfix 3.8.16, 3.9.10, and 3.10.9. These vulnerabilities stemmed from the lack of text after the third digit in enhanced status codes, which could lead to excessive buffer...

CVE-2026-41232

Froxlor is open source server administration software. Prior to version 2.3.6, in EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to...

GHSA-VMJJ-QR7V-PXM6 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing

Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...

NewStart CGSL MAIN 6.06 (SP) : postfix Multiple Vulnerabilities (NS-SA-2026-0024)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has postfix packages installed that are affected by multiple vulnerabilities: - The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods ar...

MiracleLinux 9 : postfix-3.5.25-1.el9 (AXSA:2024-9252:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9252:01 advisory. postfix: SMTP smuggling vulnerability CVE-2023-51764 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 4 : postfix-2.6.6-2.1.AXS4 (AXSA:2011-159:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-159:01 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS Security issues fixed with this release: CVE-2011-0411 The STARTTLS implementation...

MiracleLinux 3 : postfix-2.3.3-2.10.AXS3 (AXSA:2011-150:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-150:02 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS Security issues fixed with this release: CVE-2008-2937 Postfix 2.5 before...

MiracleLinux 4 : postfix-2.6.6-2.2.AXS4 (AXSA:2011-720:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-720:02 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS Security issues fixed with this release: CVE-2011-1720 The SMTP server in Postfix...

MiracleLinux 3 : postfix-2.3.3-2.11.0.1.AXS3 (AXSA:2011-221:03)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-221:03 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS Security issues fixed with this release: CVE-2011-1720 The SMTP server in Postfix...

MiracleLinux 3 : postfix-2.3.3-2.9AXS3 (AXSA:2008-88:01)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-88:01 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, and TLS. CVE-2008-2936: Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and...

CVE-2019-16791

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy...

TencentOS Server 4: postfix (TSSA-2024:0350)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0350 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

EUVD-2005-0338

Malware in sbrugna...

EUVD-2003-0462

Malware in sbrugna...