Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Tenable Nessus
Tenable Nessusadded 2021/09/14 12:0 a.m.33 views

EulerOS 2.0 SP2 : spamassassin (EulerOS-SA-2021-2450)

According to the versions of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this,...

10CVSS7.2AI score0.03407EPSS
Exploits0References3
AlpineLinux
AlpineLinuxadded 2021/03/25 9:20 a.m.32 views

CVE-2020-1946

In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3...

10CVSS7.8AI score0.03407EPSS
Exploits0
FreeBSD
FreeBSDadded 2021/03/24 12:0 a.m.38 views

spamassassin -- Malicious rule configuration (.cf) files can be configured to run system commands

The Apache SpamAssassin project reports: Apache SpamAssassin 3.4.5 was recently released 1, and fixes an issue of security note where malicious rule configuration .cf files can be configured to run system commands. In Apache SpamAssassin before 3.4.5, exploits can be injected in a number of...

10CVSS1.2AI score0.03407EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2020/01/30 6:15 p.m.20 views

CVE-2020-1931

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration .cf files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Thanks to Damian...

9.3CVSS6.9AI score0.01471EPSS
Exploits0References6
OSV
OSVadded 2019/12/12 11:15 p.m.19 views

CVE-2018-11805

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party ....

6.7CVSS7.5AI score
Exploits0References29
Prion
Prionadded 2019/12/12 11:15 p.m.26 views

Design/Logic Flaw

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party ....

7.2CVSS7AI score0.00054EPSS
Exploits0References29Affected Software2
Cvelist
Cvelistadded 2019/12/12 10:11 p.m.21 views

CVE-2018-11805

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party ....

7.2AI score0.00054EPSS
Exploits0References29
AlpineLinux
AlpineLinuxadded 2019/12/12 10:11 p.m.43 views

CVE-2018-11805

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party ....

7.2CVSS7.4AI score0.00054EPSS
Exploits0
Rows per page
Query Builder