Search CVE reports


Toggle filters

1 – 10 of 14 results


CVE-2023-51765

Medium priority
Needs evaluation

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection...

1 affected packages

sendmail

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sendmail Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-3618

Low priority

Some fixes available 6 of 22

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having...

3 affected packages

nginx, sendmail, vsftpd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nginx Not affected Fixed Fixed Fixed Fixed
sendmail Not affected Vulnerable Vulnerable Vulnerable Needs evaluation
vsftpd Not affected Not affected Fixed Vulnerable Vulnerable
Show less packages

CVE-2014-3956

Low priority

Some fixes available 1 of 4

The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file...

1 affected packages

sendmail

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sendmail Not affected Not affected
Show less packages

CVE-2009-4565

Medium priority
Ignored

sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server...

1 affected packages

sendmail

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sendmail
Show less packages

CVE-2009-1490

Medium priority
Not affected

Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.

1 affected packages

sendmail

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sendmail
Show less packages

CVE-2006-7176

Unknown priority
Not affected

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to...

1 affected packages

sendmail

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sendmail
Show less packages

CVE-2006-7175

Unknown priority
Not affected

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.

1 affected packages

sendmail

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sendmail
Show less packages

CVE-2006-4434

Unknown priority

Some fixes available 7 of 8

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer...

1 affected packages

sendmail

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sendmail
Show less packages

CVE-2006-1173

Unknown priority
Fixed

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to...

1 affected packages

sendmail

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sendmail
Show less packages

CVE-2006-0058

Unknown priority
Fixed

Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify...

1 affected packages

sendmail

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sendmail
Show less packages