CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-3784

Malware in sbrugna...

7.8CVSS8.6AI score0.00252EPSS

Exploits0References13

SUSE CVE•added 2023/02/15 4:27 a.m.•1 views

SUSE CVE-2018-11781

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax...

7.8CVSS9.4AI score0.00252EPSS

Exploits0References6

Tenable Nessus•added 2020/09/28 12:0 a.m.•34 views

EulerOS 2.0 SP3 : spamassassin (EulerOS-SA-2020-2118)

According to the version of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.CVE-2018-11781 Note that Tenable Network Security has...

7.8CVSS8.1AI score0.00252EPSS

Exploits0References2

Tenable Nessus•added 2019/07/25 12:0 a.m.•31 views

SUSE SLED12 / SLES12 Security Update : spamassassin (SUSE-SU-2019:1961-1)

This update for spamassassin to version 3.4.2 fixes the following issues : Security issues fixed : CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails bsc1108745. CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users bsc1108748. CVE-2018-11780: Fixe...

9.8CVSS7.3AI score0.18675EPSS

Exploits0References12

Ubuntu•added 2018/12/05 4:30 p.m.•85 views

USN-3811-3: SpamAssassin vulnerabilities

USN-3811-1 fixed a vulnerability in spamassassin. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use this issue to execute arbitrary code...

9.8CVSS8.4AI score0.18675EPSS

Exploits0

Tenable Nessus•added 2018/11/14 12:0 a.m.•25 views

Debian DLA-1578-1 : spamassassin security update

Multiple vulnerabilities were found in Spamassassin, which could lead to Remote Code Execution and Denial of Service attacks under certain circumstances. CVE-2016-1238 Many Perl programs do not properly remove . period characters from the end of the includes directory array, which might allow loc...

9.8CVSS7AI score0.18675EPSS

Exploits0References6

Debian•added 2018/11/13 7:6 p.m.•468 views

[SECURITY] [DLA 1578-1] spamassassin security update

Package : spamassassin Version : 3.4.2-0+deb8u1 CVE ID : CVE-2016-1238 CVE-2017-15705 CVE-2018-11780 CVE-2018-11781 Debian Bug : 784023 865924 883775 889501 891041 908969 908970 908971 913571 Multiple vulnerabilities were found in Spamassassin, which could lead to Remote Code Execution and Denial...

9.8CVSS6.9AI score0.18675EPSS

Exploits0

Tenable Nessus•added 2018/11/09 12:0 a.m.•39 views

Amazon Linux 2 : spamassassin (ALAS-2018-1103)

A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing...

7.8CVSS7AI score0.01771EPSS

Exploits0References3

Tenable Nessus•added 2018/11/07 12:0 a.m.•31 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : SpamAssassin vulnerabilities (USN-3811-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3811-1 advisory. It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use thi...

9.8CVSS7.2AI score0.18675EPSS

Exploits0References4

OSV•added 2018/11/06 4:17 p.m.•1 views

USN-3811-1 spamassassin vulnerabilities

It was discovered that SpamAssassin incorrectly handled certain unclosed tags in emails. A remote attacker could possibly use this issue to cause a denial of service. CVE-2017-15705 It was discovered that SpamAssassin incorrectly handled the PDFInfo plugin. A remote attacker could possibly use th...

9.8CVSS7.1AI score0.18675EPSS

Exploits0References4

Mageia•added 2018/10/30 6:1 p.m.•42 views

Updated spamassassin packages fix security vulnerabilities

Updated spamassassin package fixes security vulnerabilities: A reliance on "." in @INC in one configuration script CVE-2016-1238. A denial of service vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts CVE-2017-15705. A...

9.8CVSS1.4AI score0.18675EPSS

Exploits0References2

RedHat Linux•added 2018/10/11 9:34 p.m.•2 views

spamassassin: Local user code injection in the meta rule syntax

A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary code execution on the server when these rules are being processed...

7.8CVSS6.3AI score0.00252EPSS

Exploits0References5

Tenable Nessus•added 2018/09/27 12:0 a.m.•50 views

FreeBSD : spamassassin -- multiple vulnerabilities (613193a0-c1b4-11e8-ae2d-54e1ad3d6335)

the Apache Spamassassin project reports : In Apache SpamAssassin, using HTML::Parser, we setup an object and hook into the begin and end tag event handlers In both cases, the 'open' event is immediately followed by a 'close' event - even if the tag does not close in the HTML being parsed. Because...

9.8CVSS6.9AI score0.18675EPSS

Exploits0References6