postfix: buffer over-read via malformed enhanced status code

A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...

postfix: buffer over-read via malformed enhanced status code

A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...

PT-2026-49504

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...

Updated postfix packages fix security vulnerability

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number. CVE-2026-43964...

USN-8253-2: Postfix vulnerability

USN-8253-1 fixed a vulnerability in Postfix. This update provides the corresponding fix for Postfix on Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes....

USN-8253-2 postfix vulnerability

USN-8253-1 fixed a vulnerability in Postfix. This update provides the corresponding fix for Postfix on Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes....

CVE-2026-43964

A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...

OESA-2026-2288 postfix security update

Postfix is a Mail Transport Agent MTA. Security Fixes: Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.CVE-2026-43964...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Postfix vulnerability (USN-8253-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8253-1 advisory. Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use...

OESA-2026-2209 postfix security update

Postfix is a Mail Transport Agent MTA. Security Fixes: Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.CVE-2026-43964...

USN-8253-1: Postfix vulnerability

Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use this issue to cause Postfix to crash, resulting in a denial of service...

USN-8253-1 postfix vulnerability

Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use this issue to cause Postfix to crash, resulting in a denial of service...

PT-2026-39180

Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use this issue to cause Postfix to crash, resulting in a denial of service...

Postfix 安全漏洞

Postfix is an open-source mail transfer agent software developed by Postfix. Vulnerabilities existed in versions prior to Postfix 3.8.16, 3.9.10, and 3.10.9. These vulnerabilities stemmed from the lack of text after the third digit in enhanced status codes, which could lead to excessive buffer...

CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

CVE-2026-42041

Affected software: Axios (browser and Node.js). Vulnerability: Prototype Pollution in the mergeDirectKeys path used by validateStatus, allowing pollution of Object.prototype that could cause all HTTP status codes to be treated as success. Root cause: The only config property using the mergeDirect...

CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

Axios 授权问题漏洞

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 have a vulnerability related to authorization. This vulnerability stems from the use of the mergeDirectKeys merging strategy in validateStatus. This strategy uses the in operator to traverse the...

Astro 安全漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 10.0.5 contained security vulnerabilities; these vulnerabilities stemmed from incorrect status codes returned when processing the if-match header, which could lead to static resource caching erro...

GHSA-M577-W9J8-CH7J AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

Summary AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and draft workflows. The setStatus method validates the status code again...