Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2021/11/11 12:0 a.m.40 views

RHEL 8 : spamassassin (RHSA-2021:4315)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:4315 advisory. The SpamAssassin tool provides a way to reduce unsolicited commercial email spam from incoming email. Security Fixes: spamassassin: Malicious rule...

10CVSS7.4AI score0.06132EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2021/07/16 12:0 a.m.34 views

EulerOS 2.0 SP5 : spamassassin (EulerOS-SA-2021-2230)

According to the version of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or...

10CVSS7.4AI score0.06132EPSS
Exploits0References2
CNVD
CNVD
added 2021/03/29 12:0 a.m.8 views

Apache SpamAssassin Injection Vulnerability

Apache SpamAssassin is an open source spam filter from the Apache USA Foundation. The product provides system administrators with a filter and support for categorizing email to block spam. An injection vulnerability exists in Apache SpamAssassin versions prior to 3.4.5 that allows configuration o...

10CVSS7.1AI score0.06132EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2021/03/25 5:52 p.m.48 views

CVE-2020-1946

A flaw was found in spamassassin. Malicious rule configuration .cf files can be configured to run system commands without any output or errors allowing exploits to be injected in a number of scenarios. The highest threat from this vulnerability is to data confidentiality and integrity as well as...

10CVSS0.9AI score0.06132EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2021/03/25 9:20 a.m.36 views

CVE-2020-1946

In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...

10CVSS7.8AI score0.06132EPSS
Exploits0
Debian CVE
Debian CVE
added 2021/03/25 9:20 a.m.34 views

CVE-2020-1946

In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...

10CVSS8.2AI score0.06132EPSS
Exploits0
FreeBSD
FreeBSD
added 2021/03/24 12:0 a.m.40 views

spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands

The Apache SpamAssassin project reports: Apache SpamAssassin 3.4.5 was recently released 1, and fixes an issue of security note where malicious rule configuration .cf files can be configured to run system commands. In Apache SpamAssassin before 3.4.5, exploits can be injected in a number of...

10CVSS1.2AI score0.06132EPSS
Exploits0References3
Rows per page
Query Builder