apache spamassassin vulnerabilities and exploits
NA
CVE-2007-0451
Apache SpamAssassin prior to 3.1.8 allows remote malicious users to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
Apache Spamassassin 3.0.2
Apache Spamassassin 3.0.3
Apache Spamassassin 3.0.4
Apache Spamassassin 3.0.1
Apache Spamassassin 3.1.2
Apache Spamassassin
Apache Spamassassin 3.1.0
Apache Spamassassin 3.1.1
NA
CVE-2006-2447
SpamAssassin prior to 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote malicious users to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
Apache Spamassassin 3.1.2
Apache Spamassassin 3.1.0
Apache Spamassassin 3.1.1
2 EDB exploits
NA
CVE-2005-1266
Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote malicious users to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
Apache Spamassassin 3.0.3
Apache Spamassassin 3.0.1
Apache Spamassassin 3.0.2
8.1
CVSSv3
CVE-2020-1930
A command execution issue was found in Apache SpamAssassin before 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios inclu...
Apache Spamassassin
8.1
CVSSv3
CVE-2020-1931
A command execution issue was found in Apache SpamAssassin before 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Th...
Apache Spamassassin
NA
CVE-2005-3351
SpamAssassin 3.0.4 allows malicious users to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
Apache Spamassassin 3.0.4
7.5
CVSSv3
CVE-2019-12420
In Apache SpamAssassin prior to 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
Apache Spamassassin
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
6.7
CVSSv3
CVE-2018-11805
In Apache SpamAssassin prior to 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update chan...
Apache Spamassassin
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
NA
CVE-2010-1132
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote malicious users to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
Georg Greve Spamassassin Milter Plugin 0.3.1
1 EDB exploit
9.8
CVSSv3
CVE-2020-1946
In Apache SpamAssassin prior to 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use...
Apache Spamassassin
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34