261 matches found
CVE-2021-38371
CVE-2021-38371 affects Exim (STARTTLS) up to version 4.94.2. The vulnerability allows response injection (buffering) during MTA SMTP sending due to how STARTTLS sync point is enforced on the client side. Affected products include Exim in various distributions (Debian/Ubuntu/Amazon Linux/Alpine/Op...
CVE-2020-29011
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests...
[SECURITY] Fedora 34 Update: opendmarc-1.4.1.1-3.fc34
OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that supports the...
[SECURITY] Fedora 34 Update: opendmarc-1.4.1-1.fc34
OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that suppor ts the...
[SECURITY] Fedora 34 Update: opendmarc-1.4.0-1.fc34
OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that suppor ts the...
Fedora: Security Advisory for opendmarc (FEDORA-2021-c1b846164e)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: exim-4.94.2-1.fc34
Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
Fedora: Security Advisory for exim (FEDORA-2021-848a196b2d)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for exim (FEDORA-2021-89cb264e4d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Enhancing Email Security with MTA-STS and SMTP TLS Reporting
In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the...
CVE-2020-12100
A flaw was found in dovecot. A remote attacker could cause a denial of service by repeatedly sending emails containing MIME parts containing malicious content of which dovecot will attempt to parse. The highest threat from this vulnerability is to system availability. Mitigation Upstream suggests...
GLSA-202007-01 : netqmail: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202007-01 netqmail: Multiple vulnerabilities Multiple vulnerabilities have been discovered in netqmail. Please review the CVE identifiers referenced below for details. Impact : In the default configuration, these vulnerabilities a...
NSA Announces Sandworm Actors Exploiting Exim MTA Vulnerability (CVE-2019-10149)
The Exim MTA vulnerability, initially reported by Qualys in May 2019, is currently being exploited in the wild. Recently, the US National Security Agency NSA announced that Sandworm actors Russian hacker group have been actively exploiting the Exim Mail Transfer Agent vulnerability. Qualys releas...
NSA Warns of Sandworm Backdoor Attacks on Mail Servers
The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet’s top email server software, according to the National Security Agency NSA. The bug exists in the Exim Mail Transfer Agent MTA software, an open-source offering used on Linux and Unix-like systems. It...
NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability
The National Security Agency NSA has released a cybersecurity advisory on Russian advanced persistent threat APT group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent MTA software. An unauthenticated remote attacker can use this vulnerability to send a specially...
FreeBSD : Dovecot -- Multiple vulnerabilities (37d106a8-15a4-483e-8247-fcb68b16eaf8)
Aki Tuomi reports : Vulnerability Details : Sending malformed NOOP command causes crash in submission, submission-login or lmtp service. Risk : Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is neglible, as lmtp is usually behind a...
mta-sts.ericleasemorgan.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1159528 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...
OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation Exploit
This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current sourc...
OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...