Search CVE reports


Toggle filters

1 – 10 of 21 results


CVE-2023-51764

Medium priority

Some fixes available 6 of 7

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote...

1 affected packages

postfix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-32182

Medium priority
Not affected

A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5...

1 affected packages

postfix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-28447

High priority

Some fixes available 3 of 27

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser...

4 affected packages

civicrm, postfixadmin, smarty3, smarty4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
civicrm Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
postfixadmin Vulnerable Fixed Fixed Fixed Not affected
smarty3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smarty4 Needs evaluation Not in release Not in release Not in release Ignored
Show less packages

CVE-2022-31129

Medium priority

Some fixes available 4 of 92

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...

11 affected packages

gnucash, mediawiki, node-moment, ntopng, odoo...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnucash Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
mediawiki Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
node-moment Not affected Fixed Fixed Fixed Needs evaluation
ntopng Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
odoo Needs evaluation Needs evaluation Not in release Not in release Not in release
omnidb Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
postfixadmin Vulnerable Fixed Not affected Not affected Not affected
ruby-momentjs-rails Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
sabnzbdplus Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
syncthing Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
wordpress Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 11 packages Show less packages

CVE-2022-29221

Medium priority

Some fixes available 9 of 32

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or...

6 affected packages

collabtive, galette, gosa, postfixadmin, smarty3, smarty4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
collabtive Needs evaluation
galette Needs evaluation
gosa Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
postfixadmin Not affected Fixed Fixed Fixed Not affected
smarty3 Fixed Fixed Needs evaluation Needs evaluation Needs evaluation
smarty4 Needs evaluation
Show less packages

CVE-2020-12063

Medium priority
Not affected

** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This...

1 affected packages

postfix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix Not affected Not affected Not affected
Show less packages

CVE-2019-16791

Medium priority
Needs evaluation

In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.

1 affected packages

postfix-mta-sts-resolver

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix-mta-sts-resolver Needs evaluation Needs evaluation Needs evaluation Not in release Not in release
Show less packages

CVE-2017-5930

Medium priority
Ignored

The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.

1 affected packages

postfixadmin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfixadmin Not affected Not affected
Show less packages

CVE-2014-2655

Medium priority
Fixed

SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.

1 affected packages

postfixadmin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfixadmin
Show less packages

CVE-2011-1720

Medium priority
Fixed

The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication...

1 affected packages

postfix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix
Show less packages