SpamAssassin: Arbitrary command execution

Background SpamAssassin is an extensible email filter used to identify junk email. Description It was discovered that SpamAssassin incorrectly handled certain CF files. Impact A remote attacker could entice a user or automated system to process a specially crafted CF file using SpamAssassin,...

DEBIAN-CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

Design/Logic Flaw

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

UBUNTU-CVE-2019-19920

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval rather than direct parsing and/or use of the taint feature. This issue is similar to CVE-2018-11805...

CVE-2019-19920

CVE-2019-19920 affects sa-exim 4.2.1: attackers who can write a .cf file or rule can trigger arbitrary code execution due to Greylisting.pm using eval. This is related to, and similar in behavior to, CVE-2018-11805. Documented impact is remote code execution with the required access to customize ...

CVE-2015-4244

The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash CF file, aka Bug ID CSCuu75278...