Lucene search
+L

260 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/04/18 4:10 p.m.96 views

Security Bulletin: AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)

Summary Vulnerability in sendmail could allow a remote attacker to spoof an email CVE-2023-51765. Vulnerability Details CVEID:CVE-2023-51765 DESCRIPTION: Proofpoint sendmail is vulnerable to SMTP smuggling, caused by improper handling of line endings . in an email message. By sending a specially...

5.3CVSS5.7AI score0.01073EPSS
Exploits2Affected Software2
SUSE CVE
SUSE CVE
added 2023/12/25 2:10 a.m.4 views

SUSE CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

5.3CVSS6.9AI score0.01073EPSS
Exploits2References6
OSV
OSV
added 2023/12/24 6:15 a.m.3 views

DEBIAN-CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

5.3CVSS5.5AI score0.01073EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2023/12/24 6:15 a.m.53 views

CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

5.3CVSS6.1AI score0.01073EPSS
Exploits2References4
OSV
OSV
added 2023/12/24 6:15 a.m.2 views

UBUNTU-CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

5.3CVSS5.8AI score0.01073EPSS
Exploits2References5
Amazon
Amazon
added 2023/03/22 12:0 a.m.19 views

Medium: sendmail

Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...

7.4CVSS8AI score0.02037EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.3 views

SUSE CVE-2006-0058

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations...

7.6CVSS7.9AI score0.28144EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.4 views

SUSE CVE-2009-4023

Argument injection vulnerability in the sendmail implementation of the Mail::Send method Mail/sendmail.php in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111...

7.5CVSS7.4AI score0.02402EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.4 views

SUSE CVE-2009-4111

Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-402...

6.8CVSS7.6AI score0.01637EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2022/11/09 12:0 a.m.28 views

SUSE SLED15: libmilter-doc / libmilter1_0 / rmail / sendmail / sendmail-devel / etc (SUSE-SU-2022:3899-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3899-1 advisory. - CVE-2022-31256: Fixed mail to root privilege escalation via sm-client.pre script bsc1204696, bsc1202937...

7.8CVSS7.2AI score0.00231EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/10/26 8:55 a.m.15 views

CVE-2022-31256 sendmail: mail to root privilege escalation via sm-client.pre script

A Improper Link Resolution Before File Access 'Link Following' vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1...

7.7CVSS7.4AI score0.00231EPSS
Exploits0References1
OSV
OSV
added 2022/03/23 8:15 p.m.8 views

AZL-9220 CVE-2021-3618 affecting package sendmail 8.15.2-46

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.1AI score0.02037EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/08/25 8:56 p.m.23 views

Argument injection in lettre

Impact Affected versions of lettre allowed argument injection to the sendmail command. It was possible, using forged to addresses, to pass arbitrary arguments to the sendmail executable. Depending on the implementation original sendmail, postfix, exim, etc. it could be possible in some cases to...

5.3CVSS6AI score0.01503EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2020/11/11 12:0 p.m.29 views

RUSTSEC-2020-0069 Argument injection in sendmail transport

Affected versions of lettre allowed argument injection to the sendmail command. It was possible, using forged to addresses, to pass arbitrary arguments to the sendmail executable. Depending on the implementation original sendmail, postfix, exim, etc. it could be possible in some cases to write...

5.3CVSS5.3AI score0.01503EPSS
Exploits0References3
OSV
OSV
added 2018/08/06 3:29 p.m.7 views

CVE-2018-14961

dl/dlsendmail.php in zzcms 8.3 has SQL Injection via the sql parameter...

9.8CVSS5.8AI score0.01794EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.6 views

The vulnerability of the SendMail SMTP server software allows a malicious individual to compromise the confidentiality of protected information.

A vulnerability exists in the smcloseonexec function in the conf.c file of the Sendmail software, due to incorrect argument order and the absence of the expected FDCLOEXEC flag. Exploiting this vulnerability allows local users to access file descriptors with high values, by using a specially...

1.9CVSS5.4AI score0.0063EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

Linux kernel 2.0 Sendmail Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/363/info The 2.0.x kernels have a quirk in the TCP implementation that have to do with the accept call returning after only a syn has been recieved as opposed to the three way handshake having been completed. Sendmail,...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

Sendmail 8.6.9 IDENT Remote root Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2311/info A vulnerability in the IDENT function of sendmail 8.6.9 allows attackers to obtain remote root access. Very little other information on this vulnerability is currently available; this is an old vulnerability. it...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/6991/info Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers. Reportedly, this...

7.1AI score
Exploits0
OSV
OSV
added 2014/06/04 11:19 a.m.7 views

CVE-2014-3956

The smcloseonexec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FDCLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program...

5.9AI score
Exploits0References18
Rows per page
Query Builder