12 matches found
CVE-2025-61084
MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while passing validation, allowing email spoofing eve...
MDaemon Mail Server Security Vulnerability
MDaemon Mail Server is e-mail server software from MDaemon Inc. in the United States. A security vulnerability exists in MDaemon Mail Server version 23.5.2, which originates from a flaw in validating SPF, DKIM, and DMARC using the angle brackets in the From header of the SMT...
SUSE CVE-2011-1407
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity...
SUSE CVE-2020-28025
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory...
DEBIAN-CVE-2020-28025
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory...
DEBIAN-CVE-2020-12272
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the...
UBUNTU-CVE-2020-12272
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the...
DEBIAN-CVE-2012-5671
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DN...
Debian Security Advisory DSA 1728-1 (dkim-milter)
The remote host is missing an update to dkim-milter announced via advisory DSA 1728-1. OpenVAS Vulnerability Test $Id: deb17281.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1728-1 (dkim-milter). Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc...
[SECURITY] Fedora 9 Update: dkim-milter-2.8.1-1.fc9
The dkim-milter package is an open source implementation of the DKIM sender authentication system proposed by the E-mail Signing Technology Group (ESTG), now a proposed standard of the IETF (RFC4871). DKIM is an amalgamation of the DomainKeys (DK) proposal by Yahoo!, Inc. and the Internet Identified Ma...
Debian DSA-1728-1 : dkim-milter - improper assertion
It was discovered that dkim-milter, an implementation of the DomainKeys Identified Mail protocol, may crash during DKIM verification if it encounters a specially crafted or revoked public key record in DNS. (C) Tenable Network Security, Inc. The descriptive text and package chec...
openSUSE 10 Security Update : spamassassin (spamassassin-3077)
This upgrade brings spamassassin to version 3.1.8 with the following changes: - fix for CVE-2007-0451: possible DoS due to incredibly long URIs found in the message content. - disable perl module usage in update channels unless --allowplugins is specified - files with names starting/ending in...