4 matches found
MiracleLinux 8 : spamassassin-3.4.4-4.el8 (AXSA:2021-2680:03)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2680:03 advisory. spamassassin: Malicious rule configuration files can be configured to run system commands CVE-2020-1946 Tenable has extracted the preceding description block...
SUSE CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
ALPINE-CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...
UBUNTU-CVE-2020-1946
In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...