Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2018-11805 vulnerabilities and exploits

(subscribe to this query)
641
VMScore
CVE-2018-11805
In Apache SpamAssassin prior to 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update chan...
Apache SpamassassinDebian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0
801
VMScore
CVE-2019-19920
sa-exim 4.2.1 allows malicious users to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.
Sa-exim Project Sa-exim 4.2.1Debian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0Canonical Ubuntu Linux 16.04
445
VMScore
CVE-2019-12420
In Apache SpamAssassin prior to 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
Apache SpamassassinDebian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0
828
VMScore
CVE-2020-1931
A command execution issue was found in Apache SpamAssassin before 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the issue will throw warnings. Th...
Apache Spamassassin
828
VMScore
CVE-2020-1930
A command execution issue was found in Apache SpamAssassin before 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched, exploits can be injected in a number of scenarios inclu...
Apache Spamassassin
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook