Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
postfix postfix 2.5.5 vulnerabilities and exploits
(subscribe to this query)
6.9
CVSSv2
CVE-2009-2939
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
Postfix Postfix 2.5.5
6.8
CVSSv2
CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x prior to 2.4.16, 2.5.x prior to 2.5.12, 2.6.x prior to 2.6.9, and 2.7.x prior to 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle malicious users to insert commands into encrypted SMTP sessions by sending ...
Postfix Postfix 2.4.10
Postfix Postfix 2.4
Postfix Postfix 2.4.15
Postfix Postfix 2.4.0
Postfix Postfix 2.4.5
Postfix Postfix 2.4.8
Postfix Postfix 2.4.12
Postfix Postfix 2.4.3
Postfix Postfix 2.4.11
Postfix Postfix 2.4.7
Postfix Postfix 2.4.2
Postfix Postfix 2.4.9
Postfix Postfix 2.4.13
Postfix Postfix 2.4.14
Postfix Postfix 2.4.1
Postfix Postfix 2.4.6
Postfix Postfix 2.4.4
Postfix Postfix 2.5.0
Postfix Postfix 2.5.9
Postfix Postfix 2.5.2
Postfix Postfix 2.5.7
Postfix Postfix 2.5.8
2.1
CVSSv2
CVE-2008-3889
Postfix 2.4 prior to 2.4.9, 2.5 prior to 2.5.5, and 2.6 prior to 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or ex...
Postfix Postfix 2.4
Postfix Postfix 2.4.0
Postfix Postfix 2.4.1
Postfix Postfix 2.4.2
Postfix Postfix 2.4.3
Postfix Postfix 2.4.4
Postfix Postfix 2.4.5
Postfix Postfix 2.4.6
Postfix Postfix 2.4.7
Postfix Postfix 2.4.8
Postfix Postfix 2.5.1
Postfix Postfix 2.5.2
Postfix Postfix 2.5.3
Postfix Postfix 2.6
6.8
CVSSv2
CVE-2011-1720
The SMTP server in Postfix prior to 2.5.13, 2.6.x prior to 2.6.10, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote malicious user...
Postfix Postfix 2.3.16
Postfix Postfix 2.3.18
Postfix Postfix 2.0.10
Postfix Postfix 2.4.10
Postfix Postfix 2.5.0
Postfix Postfix 2.4
Postfix Postfix 2.3.11
Postfix Postfix 2.0.14
Postfix Postfix 2.0.17
Postfix Postfix 2.2.7
Postfix Postfix 2.0.16
Postfix Postfix 2.3.6
Postfix Postfix 2.1.5
Postfix Postfix 2.5.9
Postfix Postfix 2.3.0
Postfix Postfix 2.0.6
Postfix Postfix 2.2.4
Postfix Postfix 2.0.15
Postfix Postfix 2.5.2
Postfix Postfix 2.4.15
Postfix Postfix 2.5.12
Postfix Postfix 2.4.0
2 Nmap scripts
1 Github repository
NA
CVE-2008-4042
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3889. Reason: This candidate is a duplicate of CVE-2008-3889. Notes: All CVE users should reference CVE-2008-3889 instead of this candidate. All references and descriptions in this candidate have been removed...
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
log injection
CVE-2024-37079
type confusion
CVE-2024-32943
CVE-2024-30103
CVE-2024-37350
arbitrary code
CVE-2024-6189
CVE-2024-6225
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started