Search CVE reports
1 – 10 of 14 results
CVE-2023-51765
Medium priority
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection...
1 affected package
sendmail
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sendmail | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-3618
Low priority
Some fixes available 6 of 22
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having...
3 affected packages
nginx, sendmail, vsftpd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
nginx | Not affected | Fixed | Fixed | Fixed | Fixed |
sendmail | Not affected | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
vsftpd | Not affected | Not affected | Fixed | Vulnerable | Vulnerable |
CVE-2014-3956
Low priority
Some fixes available 1 of 4
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file...
1 affected package
sendmail
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sendmail | — | — | — | Not affected | Not affected |
CVE-2009-4565
Medium priority
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server...
1 affected package
sendmail
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sendmail | — | — | — | — | — |
CVE-2009-1490
Medium priority
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
1 affected package
sendmail
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sendmail | — | — | — | — | — |
CVE-2006-7176
Unknown priority
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to...
1 affected package
sendmail
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sendmail | — | — | — | — | — |
CVE-2006-7175
Unknown priority
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.
1 affected package
sendmail
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sendmail | — | — | — | — | — |
CVE-2006-4434
Unknown priority
Some fixes available 7 of 8
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer...
1 affected package
sendmail
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sendmail | — | — | — | — | — |
CVE-2006-1173
Unknown priority
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to...
1 affected package
sendmail
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sendmail | — | — | — | — | — |
CVE-2006-0058
Unknown priority
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify...
1 affected package
sendmail
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sendmail | — | — | — | — | — |