Lucene search
K

374 matches found

Tenable Nessus
Tenable Nessus
added 2024/01/23 12:0 a.m.63 views

Amazon Linux 2 : postfix (ALAS-2024-2420)

The version of postfix installed on the remote host is prior to 2.10.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2420 advisory. Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and...

5.3CVSS5.8AI score0.02598EPSS
Exploits4References4
Amazon
Amazon
added 2024/01/22 12:0 a.m.55 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

5.3CVSS5.4AI score0.02598EPSS
Exploits4
Amazon
Amazon
added 2024/01/22 12:0 a.m.7 views

Important: postfix

Issue Overview: Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mai...

5.3CVSS6.8AI score0.02598EPSS
Exploits4
Amazon
Amazon
added 2024/01/22 12:0 a.m.36 views

Important: exim

Issue Overview: Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some...

5.3CVSS7.7AI score0.01072EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/01/22 12:0 a.m.42 views

CBL Mariner 2.0 Security Update: postfix (CVE-2023-51764)

The version of postfix installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-51764 advisory. - Postfix through 3.8.5 allows SMTP smuggling unless configured with...

5.3CVSS5.7AI score0.02598EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2024/01/22 12:0 a.m.29 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 : Postfix vulnerability (USN-6591-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6591-1 advisory. Timo Longin discovered that Postfix incorrectly handled certain email line endings. A remote attacker could possibly u...

5.3CVSS5.7AI score0.02598EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2024/01/15 12:0 a.m.29 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Libspf2 vulnerabilities (USN-6584-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6584-1 advisory. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system wer...

9.8CVSS8.5AI score0.09643EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2024/01/15 12:0 a.m.30 views

GLSA-202401-22 : libspf2: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202401-22 libspf2: Multiple vulnerabilities - Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF...

9.8CVSS9.2AI score0.09643EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2024/01/11 12:0 a.m.41 views

Fedora 38 : exim (2024-e0841c83bb)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e0841c83bb advisory. Security fix for CVE-2023-51766. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

5.3CVSS7.3AI score0.01072EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/01/11 12:0 a.m.33 views

Fedora 39 : exim (2024-1ef6197a49)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-1ef6197a49 advisory. =Security fix for CVE-2023-51766. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

5.3CVSS7.3AI score0.01072EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/01/10 12:0 a.m.26 views

Fedora 39 : postfix (2024-c839e7294f)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c839e7294f advisory. Security fix for CVE-2023-51764. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.3CVSS5.7AI score0.02598EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2024/01/10 12:0 a.m.26 views

Fedora 38 : postfix (2024-5c186175f2)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5c186175f2 advisory. Security fix for CVE-2023-51764. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

5.3CVSS5.7AI score0.02598EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2024/01/10 12:0 a.m.40 views

Exim < 4.97.1 SMTP Smuggling Vulnerability (Dec 2023)

Exim is prone to a SMTP smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:exim:exim"; if description...

5.3CVSS5.5AI score0.01072EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2024/01/10 12:0 a.m.15 views

Postfix SMTP Smuggling Vulnerability (Dec 2023)

Postfix is prone to a SMTP smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postfix:postfix"; ifdescripti...

5.3CVSS5.1AI score0.02598EPSS
Exploits4References11
Malwarebytes
Malwarebytes
added 2024/01/07 11:53 a.m.39 views

Explained: SMTP smuggling

SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing—sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable. Let’s take a closer look at what...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/03 10:42 a.m.59 views

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

A new exploitation technique called Simple Mail Transfer Protocol SMTP smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/01/03 12:0 a.m.27 views

SUSE SLED15: postfix / postfix-bdb / postfix-bdb-lmdb / postfix-devel / etc (SUSE-SU-2024:0012-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0012-1 advisory. - CVE-2023-51764: Fixed SMTP smuggling attack bsc1218304. Tenable has extracted the preceding description...

5.3CVSS6.1AI score0.02598EPSS
Exploits4References5
GithubExploit
GithubExploit
added 2023/12/26 5:2 p.m.520 views

Exploit for Insufficient Verification of Data Authenticity in Postfix

CVE-2023-51764 Postfix SMTP Smuggling - Expect Script POC sen...

5.3CVSS5.2AI score0.02598EPSS
Exploits4
Veracode
Veracode
added 2023/12/26 12:49 p.m.36 views

SMTP Smuggling

Postfix is vulnerable to SMTP smuggling. The vulnerability is caused due to support for . while handling line endings. A remote attacker can exploit this using published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection...

5.3CVSS6.7AI score0.02598EPSS
Exploits4References18Affected Software1
RedhatCVE
RedhatCVE
added 2023/12/25 10:30 p.m.66 views

CVE-2023-51765

A flaw was found in some SMTP server configurations in Sendmail. This issue may allow a remote attacker to break out of the email message data to "smuggle" SMTP commands and send spoofed emails that pass SPF checks. Mitigation Mitigation for this issue is either not available or the currently...

5.3CVSS5AI score0.01073EPSS
Exploits2References4
Rows per page
Query Builder