Lucene search
K

261 matches found

CVE
CVE
added 2021/08/10 2:6 p.m.310 views

CVE-2021-38371

CVE-2021-38371 affects Exim (STARTTLS) up to version 4.94.2. The vulnerability allows response injection (buffering) during MTA SMTP sending due to how STARTTLS sync point is enforced on the client side. Affected products include Exim in various distributions (Debian/Ubuntu/Amazon Linux/Alpine/Op...

7.5CVSS7.5AI score0.01996EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/08/04 4:15 p.m.3 views

CVE-2020-29011

Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests...

8.8CVSS6AI score0.00976EPSS
Exploits0References1
Fedora
Fedora
added 2021/07/20 1:6 a.m.36 views

[SECURITY] Fedora 34 Update: opendmarc-1.4.1.1-3.fc34

OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that supports the...

7.5CVSS7.6AI score0.02746EPSS
Exploits1
Fedora
Fedora
added 2021/05/31 1:5 a.m.65 views

[SECURITY] Fedora 34 Update: opendmarc-1.4.1-1.fc34

OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that suppor ts the...

7.5CVSS1.7AI score0.03684EPSS
Exploits3
Fedora
Fedora
added 2021/05/08 1:34 a.m.67 views

[SECURITY] Fedora 34 Update: opendmarc-1.4.0-1.fc34

OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that suppor ts the...

9.8CVSS1.7AI score0.03684EPSS
Exploits1
OpenVAS
OpenVAS
added 2021/05/08 12:0 a.m.17 views

Fedora: Security Advisory for opendmarc (FEDORA-2021-c1b846164e)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.03684EPSS
Exploits1References2
Fedora
Fedora
added 2021/05/07 1:5 a.m.19 views

[SECURITY] Fedora 34 Update: exim-4.94.2-1.fc34

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

1.5AI score
Exploits0
OpenVAS
OpenVAS
added 2021/05/07 12:0 a.m.31 views

Fedora: Security Advisory for exim (FEDORA-2021-848a196b2d)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.2AI score0.61664EPSS
Exploits6References2
OpenVAS
OpenVAS
added 2021/04/04 12:0 a.m.8 views

Fedora: Security Advisory for exim (FEDORA-2021-89cb264e4d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
The Hacker News
The Hacker News
added 2021/01/25 1:46 p.m.57 views

Enhancing Email Security with MTA-STS and SMTP TLS Reporting

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the...

7.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2020/08/13 4:13 a.m.33 views

CVE-2020-12100

A flaw was found in dovecot. A remote attacker could cause a denial of service by repeatedly sending emails containing MIME parts containing malicious content of which dovecot will attempt to parse. The highest threat from this vulnerability is to system availability. Mitigation Upstream suggests...

5CVSS3.4AI score0.05215EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2020/07/27 12:0 a.m.33 views

GLSA-202007-01 : netqmail: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202007-01 netqmail: Multiple vulnerabilities Multiple vulnerabilities have been discovered in netqmail. Please review the CVE identifiers referenced below for details. Impact : In the default configuration, these vulnerabilities a...

9.8CVSS7.4AI score0.10789EPSS
Exploits6References4
Qualys Blog
Qualys Blog
added 2020/05/29 10:42 p.m.202 views

NSA Announces Sandworm Actors Exploiting Exim MTA Vulnerability (CVE-2019-10149)

The Exim MTA vulnerability, initially reported by Qualys in May 2019, is currently being exploited in the wild. Recently, the US National Security Agency NSA announced that Sandworm actors Russian hacker group have been actively exploiting the Exim Mail Transfer Agent vulnerability. Qualys releas...

7.5CVSS0.9AI score0.99961EPSS
Exploits27
ThreatPost
ThreatPost
added 2020/05/29 4:34 p.m.487 views

NSA Warns of Sandworm Backdoor Attacks on Mail Servers

The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet’s top email server software, according to the National Security Agency NSA. The bug exists in the Exim Mail Transfer Agent MTA software, an open-source offering used on Linux and Unix-like systems. It...

7.5CVSS0.9AI score0.99961EPSS
Exploits27References11
CISA
CISA
added 2020/05/28 12:0 a.m.99 views

NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability

The National Security Agency NSA has released a cybersecurity advisory on Russian advanced persistent threat APT group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent MTA software. An unauthenticated remote attacker can use this vulnerability to send a specially...

10CVSS3.1AI score0.99961EPSS
Exploits27References3
Tenable Nessus
Tenable Nessus
added 2020/05/19 12:0 a.m.28 views

FreeBSD : Dovecot -- Multiple vulnerabilities (37d106a8-15a4-483e-8247-fcb68b16eaf8)

Aki Tuomi reports : Vulnerability Details : Sending malformed NOOP command causes crash in submission, submission-login or lmtp service. Risk : Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is neglible, as lmtp is usually behind a...

7.5CVSS6.6AI score0.08153EPSS
Exploits5References5
Openbugbounty
Openbugbounty
added 2020/05/12 12:11 p.m.9 views

mta-sts.ericleasemorgan.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1159528 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

6.2AI score
Exploits0
Exploit DB
Exploit DB
added 2020/03/09 12:0 a.m.185 views

OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...

10CVSS9.6AI score0.889EPSS
Exploits10
0day.today
0day.today
added 2020/03/06 12:0 a.m.390 views

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation Exploit

This Metasploit module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current sourc...

10CVSS0.4AI score0.889EPSS
Exploits10
Packet Storm
Packet Storm
added 2020/03/05 12:0 a.m.119 views

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...

10CVSS0.4AI score0.889EPSS
Exploits10
Rows per page
Query Builder