Lucene search
Veracode Vulnerability DatabaseVERACODE:28397HistoryDec 06, 2020 - 4:22 a.m.
Arbitrary Code Injection
2020-12-0604:22:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.0004 Low
EPSS
Percentile
5.1%
Apache SpamAssassin is vulnerable to arbitrary code injection. A local user is able to inject arbitrary code in the meta rule syntax.
| CPE | Name | Operator | Version |
|---|---|---|---|
| spamassassin:buster | eq | 3.4.2-1+deb10u2 | |
| spamassassin:buster | eq | 3.4.2-1+deb10u2 |
References
lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
access.redhat.com/errata/RHSA-2018:2916
lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E
lists.debian.org/debian-lts-announce/2018/11/msg00016.html
security-tracker.debian.org/tracker/CVE-2018-11781
security.gentoo.org/glsa/201812-07
usn.ubuntu.com/3811-1/
usn.ubuntu.com/3811-3/
Related
ubuntucve
ubuntucve
CVE-2018-11781
2018-09-17 00:00:00
osv
osv
CVE-2018-11781
2018-09-17 14:29:00
spamassassin - security update
2018-11-13 00:00:00
redhatcve
redhatcve
CVE-2018-11781
2018-09-17 03:51:04
debiancve
debiancve
CVE-2018-11781
2018-09-17 14:29:00
openvas
openvas
Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2020-2397)
2020-11-04 00:00:00
Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2020-2118)
2020-09-29 00:00:00
Ubuntu: Security Advisory (USN-3811-3)
2022-08-26 00:00:00
cvelist
cvelist
CVE-2018-11781
2018-09-16 00:00:00
prion
prion
Code injection
2018-09-17 14:29:00
nessus
nessus
EulerOS 2.0 SP2 : spamassassin (EulerOS-SA-2020-2397)
2020-11-03 00:00:00
EulerOS 2.0 SP3 : spamassassin (EulerOS-SA-2020-2118)
2020-09-28 00:00:00
RHEL 6 : spamassassin (Unpatched Vulnerability)
2024-06-03 00:00:00
alpinelinux
alpinelinux
CVE-2018-11781
2018-09-17 14:29:00
nvd
nvd
CVE-2018-11781
2018-09-17 14:29:00
cve
cve
CVE-2018-11781
2018-09-17 14:29:00
amazon
amazon
Important: spamassassin
2018-11-07 22:09:00
Important: spamassassin
2018-10-17 21:58:00
redhat
redhat
(RHSA-2018:2916) Important: spamassassin security update
2018-10-11 20:45:18
oraclelinux
oraclelinux
spamassassin security update
2018-10-11 00:00:00
centos
centos
spamassassin security update
2018-10-15 21:01:19
ubuntu
ubuntu
SpamAssassin vulnerabilities
2018-12-05 00:00:00
SpamAssassin vulnerabilities
2018-11-06 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: spamassassin-3.4.2-2.fc29
2018-09-29 22:03:09
[SECURITY] Fedora 28 Update: spamassassin-3.4.2-2.fc28
2018-09-23 20:19:52
[SECURITY] Fedora 27 Update: spamassassin-3.4.2-2.fc27
2018-09-29 23:57:23
freebsd
freebsd
spamassassin -- multiple vulnerabilities
2018-09-16 00:00:00
mageia
mageia
Updated spamassassin packages fix security vulnerabilities
2018-10-30 21:01:43
gentoo
gentoo
SpamAssassin: Multiple vulnerabilities
2018-12-15 00:00:00
debian
debian
[SECURITY] [DLA 1578-1] spamassassin security update
2018-11-13 19:06:19
suse
suse
Security update for spamassassin (moderate)
2019-08-06 00:00:00