146 matches found
CVE-2019-18862
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode...
EUVD-2004-0982
Malware in sbrugna...
EUVD-2019-8557
Malware in sbrugna...
EUVD-2005-1525
Malware in sbrugna...
EUVD-2005-1524
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-18862
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. CVE-2019-18862 Note that Nessus relies on the...
GNU Mailutils: unexpected processing of escape sequences
Background: GNU Mailutils is a collection of mail-related utilities, including an IMAP4 server imap4d and a Mail User Agent mail. Description: A vulnerability has been discovered in GNU Mailutils. Please review the CVE identifier referenced below for details. Impact: mail(1) from mailutils would proce...
GLSA-202310-13 : GNU Mailutils: unexpected processing of escape sequences
The remote host is affected by the vulnerability described in GLSA-202310-13 GNU Mailutils: unexpected processing of escape sequences - fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, ther...
emacs security and bug fix update
1:26.1-9 - Fix MH-E mail composition with GNU Mailutils 1991156 1:26.1-8 - Fix ctags local command execute vulnerability 2149386...
Debian: Security Advisory (DSA-841-1)
The remote host is missing an update for the Debian...
SUSE CVE-2004-0984
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges...
SUSE CVE-2019-18862
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode...
FreeBSD : fail2ban -- possible RCE vulnerability in mailing action using mailutils (c848059a-318b-11ec-aa15-0800270512f4)
Jakub Zoczek reports: Command mail from mailutils package used in mail actions like mail-whois can execute command if unescaped sequences \n are available in 'foreign' input for instance in whois output...
Remote Code Execution
fail2ban is vulnerable to remote code execution. The mail command from the mailutils package, used in mail actions like mail-whois, allows an attacker to execute arbitrary commands due to unescaped sequences \n in foreign input...
CVE-2021-32749
fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command mail from mailutils package...
CVE-2021-32749 Possible RCE vulnerability in mailing action using mailutils (mail-whois)
fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command mail from mailutils package...
fail2ban -- possible RCE vulnerability in mailing action using mailutils
Jakub Żoczek reports: Command mail from mailutils package used in mail actions like mail-whois can execute command if unescaped sequences \n are available in "foreign" input for instance in whois output...
Security fix for the ALT Linux 8 package mailutils version 3.10-alt0.20200913.1
3.10-alt0.20200913.1 built March 2, 2021 Sergey Y. Afonin in task 267166 Sept. 27, 2020 Sergey Y. Afonin - New version CVE-2019-18862 fixed in 3.8 - Updated %description - Updated License tags to SPDX syntax - Require emacs-X11 for build only when mh subpackage is enabled ALT 38371 - Disabled...