Vulmon
apache spamassassin vulnerabilities and exploits
9.8
CVSSv3
CVE-2020-1946
In Apache SpamAssassin prior to 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use...
Apache Spamassassin
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
9.8
CVSSv3
CVE-2018-11780
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin prior to 3.4.2.
Apache Spamassassin
Pdfinfo Project Pdfinfo -
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
8.1
CVSSv3
CVE-2020-1930
A command execution issue was found in Apache SpamAssassin before 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios inclu...
Apache Spamassassin
8.1
CVSSv3
CVE-2020-1931
A command execution issue was found in Apache SpamAssassin before 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Th...
Apache Spamassassin
7.8
CVSSv3
CVE-2016-1238
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpa...
Debian Debian Linux 8.0
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Perl Perl 5.003 92
Perl Perl 5.21.1
Perl Perl 5.9.3
Perl Perl 5.14.1
Perl Perl 5.8.0
Perl Perl 5.003 97
Perl Perl 5.6.0
Perl Perl 5.17.11
Perl Perl 5.24.1
Perl Perl 5.16.0
Perl Perl 5.19.6
Perl Perl 5.22.3
Perl Perl 5.17.4
Perl Perl 5.003 03
Perl Perl 5.18.4
Perl Perl 5.18.2
Perl Perl 5.8.4
Perl Perl 5.15.6
Perl Perl 5.004 04
4 Github repositories
7.5
CVSSv3
CVE-2019-12420
In Apache SpamAssassin prior to 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
Apache Spamassassin
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.7
CVSSv3
CVE-2018-11805
In Apache SpamAssassin prior to 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update chan...
Apache Spamassassin
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
NA
CVE-2010-1132
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote malicious users to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
Georg Greve Spamassassin Milter Plugin 0.3.1
1 EDB exploit
NA
CVE-2007-0451
Apache SpamAssassin prior to 3.1.8 allows remote malicious users to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
Apache Spamassassin 3.0.4
Apache Spamassassin 3.0.3
Apache Spamassassin 3.1.0
Apache Spamassassin 3.0.1
Apache Spamassassin
Apache Spamassassin 3.1.2
Apache Spamassassin 3.0.2
Apache Spamassassin 3.1.1
NA
CVE-2006-2447
SpamAssassin prior to 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote malicious users to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Apache Spamassassin 3.1.0
Apache Spamassassin 3.1.2
Apache Spamassassin 3.1.1
2 EDB exploits