Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache spamassassin vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2007-0451
Apache SpamAssassin prior to 3.1.8 allows remote malicious users to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
Apache Spamassassin 3.0.2
Apache Spamassassin 3.0.3
Apache Spamassassin 3.0.4
Apache Spamassassin 3.0.1
Apache Spamassassin 3.1.2
Apache Spamassassin
Apache Spamassassin 3.1.0
Apache Spamassassin 3.1.1
520
VMScore
CVE-2006-2447
SpamAssassin prior to 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote malicious users to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Apache Spamassassin 3.1.2
Apache Spamassassin 3.1.0
Apache Spamassassin 3.1.1
2 EDB exploits
445
VMScore
CVE-2005-1266
Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote malicious users to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
Apache Spamassassin 3.0.3
Apache Spamassassin 3.0.1
Apache Spamassassin 3.0.2
828
VMScore
CVE-2020-1930
A command execution issue was found in Apache SpamAssassin before 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios inclu...
Apache Spamassassin
828
VMScore
CVE-2020-1931
A command execution issue was found in Apache SpamAssassin before 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Th...
Apache Spamassassin
445
VMScore
CVE-2005-3351
SpamAssassin 3.0.4 allows malicious users to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
Apache Spamassassin 3.0.4
445
VMScore
CVE-2019-12420
In Apache SpamAssassin prior to 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
Apache Spamassassin
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
641
VMScore
CVE-2018-11805
In Apache SpamAssassin prior to 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update chan...
Apache Spamassassin
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
935
VMScore
CVE-2010-1132
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote malicious users to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
Georg Greve Spamassassin Milter Plugin 0.3.1
1 EDB exploit
890
VMScore
CVE-2020-1946
In Apache SpamAssassin prior to 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use...
Apache Spamassassin
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »