Lucene search
K

256 matches found

Gentoo Linux
Gentoo Linux
added 2021/05/26 12:0 a.m.72 views

OpenSMTPD: Multiple vulnerabilities

Background OpenSMTPD is a lightweight but featured SMTP daemon from OpenBSD. Description Multiple vulnerabilities have been discovered in OpenSMTPD. Please review the CVE identifiers referenced below for details. Impact A remote attacker, by connecting to the SMTP listener daemon, could possibly...

7.5CVSS2.4AI score0.03578EPSS
Exploits0
0day.today
0day.today
added 2021/04/07 12:0 a.m.233 views

OpenBSD OpenSMTPD 6.6 Remote Code Execution Exploit

smtpmailaddr in smtpsession.c in OpenSMTPD version 6.6, as used in OpenBSD version 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default...

9.8CVSS9.8AI score0.98946EPSS
Exploits27
Packet Storm
Packet Storm
added 2021/04/06 12:0 a.m.526 views

OpenBSD OpenSMTPD 6.6 Remote Code Execution

Exploit Title: OpenBSD OpenSMTPD Remote Code Execution Vulnerability Date: 05/04/2021 Exploit Author: Tobias Marcotto Tested on: Kali Linux x64 Version: 6.6 Description: smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute...

10CVSS0.2AI score0.98946EPSS
Exploits27
Ubuntu
Ubuntu
added 2021/03/15 11:6 p.m.53 views

USN-4875-1: OpenSMTPD vulnerabilities

It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could possibly use this vulnerability to execute arbitrary commands as root. CVE-2020-7247 It was discovered that OpenSMTPD did not properly handle hardlinks und...

10CVSS7.9AI score0.98946EPSS
Exploits41
GithubExploit
GithubExploit
added 2021/02/13 6:57 a.m.172 views

Exploit for Improper Handling of Exceptional Conditions in Openbsd Opensmtpd

CVE-2020-7247-exploit OpenSMTPD 6.4.0 -...

10CVSS9.8AI score0.98946EPSS
Exploits27
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.30 views

Fedora 32 : opensmtpd (2021-71fbdecdf8)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-71fbdecdf8 advisory. - smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a very significant memory leak via...

7.5CVSS7.2AI score0.03578EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.22 views

Fedora 33 : opensmtpd (2021-848fd34b0b)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-848fd34b0b advisory. - smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a very significant memory leak via...

7.5CVSS7.2AI score0.03578EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/02/01 12:0 a.m.17 views

Fedora: Security Advisory for opensmtpd (FEDORA-2021-71fbdecdf8)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.7AI score
Exploits0References2
OpenVAS
OpenVAS
added 2021/02/01 12:0 a.m.14 views

Fedora: Security Advisory for opensmtpd (FEDORA-2021-848fd34b0b)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.7AI score
Exploits0References2
Fedora
Fedora
added 2021/01/30 1:55 a.m.91 views

[SECURITY] Fedora 33 Update: opensmtpd-6.8.0p2-1.fc33

OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defi ned by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...

7.5CVSS0.8AI score0.03578EPSS
Exploits0
Fedora
Fedora
added 2021/01/30 1:42 a.m.96 views

[SECURITY] Fedora 32 Update: opensmtpd-6.8.0p2-1.fc32

OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defi ned by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTP...

7.5CVSS0.8AI score0.03578EPSS
Exploits0
ArchLinux
ArchLinux
added 2021/01/12 12:0 a.m.95 views

[ASA-202101-18] opensmtpd: multiple issues

Arch Linux Security Advisory ASA-202101-18 ========================================== Severity: High Date : 2021-01-12 CVE-ID : CVE-2020-35679 CVE-2020-35680 Package : opensmtpd Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1381 Summary ======= The package opensmtp...

7.5CVSS2.1AI score0.03578EPSS
Exploits0References5
Veracode
Veracode
added 2020/12/29 1:2 a.m.24 views

Denial Of Service (DoS)

opensmtpd is vulnerable to denial of service. The smtpd/lkafilter.c, in certain configurations, allows remote attackers to cause a denial of service via a NULL pointer dereference and daemon crash using a malicious pattern of client activity as the filter state machine does not properly maintain...

7.5CVSS4.3AI score0.03578EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2020/12/29 1:2 a.m.20 views

Denial Of Service (DoS)

OpenSMTPD is vulnerable to denial of service. The vulnerability is possible because it lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages...

7.5CVSS5.6AI score0.02835EPSS
Exploits0References10Affected Software1
CNVD
CNVD
added 2020/12/25 12:0 a.m.5 views

Openbsd Opensmtpd Null Pointer Dereference Vulnerability

OpenSMTPD is a Unix daemon that implements the Simple Mail Transfer Protocol for delivering mail on the local computer or relaying mail to other SMTP servers. A null pointer dereference vulnerability exists in smtpd/lkafilter.c in versions of OpenSMTPD prior to 6.8.0p1. The vulnerability stems fr...

7.5CVSS6.5AI score0.03578EPSS
Exploits0References1
OSV
OSV
added 2020/12/24 4:15 p.m.5 views

ALPINE-CVE-2020-35680

smtpd/lkafilter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between th...

7.5CVSS6.7AI score0.03578EPSS
Exploits0References1
OSV
OSV
added 2020/12/24 4:15 p.m.5 views

ALPINE-CVE-2020-35679

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups...

7.5CVSS6.9AI score0.02835EPSS
Exploits0References1
NVD
NVD
added 2020/12/24 4:15 p.m.15 views

CVE-2020-35680

smtpd/lkafilter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between th...

7.5CVSS7.2AI score0.03578EPSS
Exploits0References6
NVD
NVD
added 2020/12/24 4:15 p.m.16 views

CVE-2020-35679

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups...

7.5CVSS7.3AI score0.02835EPSS
Exploits0References6
OSV
OSV
added 2020/12/24 4:15 p.m.2 views

DEBIAN-CVE-2020-35679

smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups...

7.5CVSS7.3AI score0.02835EPSS
Exploits0References1
Rows per page
Query Builder