Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
postfix postfix vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-33912
libspf2 prior to 1.2.11 has a four-byte heap-based buffer overflow that might allow remote malicious users to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_reco...
Libspf2 Project Libspf2
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2021-33913
libspf2 prior to 1.2.11 has a heap-based buffer overflow that might allow remote malicious users to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The a...
Libspf2 Project Libspf2
8.8
CVSSv3
CVE-2023-34108
mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an malicious user to manipulate internal Dovecot variables by using s...
Mailcow Mailcow\\ Dockerized
7.8
CVSSv3
CVE-2023-32182
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enter...
Opensuse Leap 15.5
Suse Suse Linux Enterprise Desktop 15
Suse Linux Enterprise High Performance Computing 15.0
7.8
CVSSv3
CVE-2022-3569
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
Synacor Zimbra Collaboration Suite
7.8
CVSSv3
CVE-2017-10140
Postfix prior to 2.11.10, 3.0.x prior to 3.0.10, 3.1.x prior to 3.1.6, and 3.2.x prior to 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
Postfix Postfix
6.1
CVSSv3
CVE-2012-0812
PostfixAdmin 2.3.4 has multiple XSS vulnerabilities
Postfix Admin Project Postfix Admin 2.3.4
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5.9
CVSSv3
CVE-2019-16791
In postfix-mta-sts-resolver prior to 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.
Postfix-mta-sts-resolver Project Postfix-mta-sts-resolver
5.3
CVSSv3
CVE-2023-51764
Postfix up to and including 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation tec...
Postfix Postfix
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
5 Github repositories
5.3
CVSSv3
CVE-2021-35525
PostSRSd prior to 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if ther...
Postsrsd Project Postsrsd
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »