Vulmon
postfix vulnerabilities and exploits
9.3
CVSSv2
CVE-2021-33912
libspf2 prior to 1.2.11 has a four-byte heap-based buffer overflow that might allow remote malicious users to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_reco...
Libspf2 Project Libspf2
Debian Debian Linux 9.0
5
CVSSv2
CVE-2013-7176
config/filter.d/postfix.conf in the postfix filter in Fail2ban prior to 0.8.11 allows remote malicious users to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.
Fail2ban Fail2ban 0.8.3
Fail2ban Fail2ban 0.8.2
Fail2ban Fail2ban 0.7.5
Fail2ban Fail2ban 0.7.4
Fail2ban Fail2ban 0.5.5
Fail2ban Fail2ban 0.5.4
Fail2ban Fail2ban 0.5.3
Fail2ban Fail2ban 0.3.0
Fail2ban Fail2ban 0.1.2
Fail2ban Fail2ban 0.8.5
Fail2ban Fail2ban 0.8.4
Fail2ban Fail2ban 0.7.7
Fail2ban Fail2ban 0.7.6
Fail2ban Fail2ban 0.6.1
Fail2ban Fail2ban 0.6.0
Fail2ban Fail2ban 0.4.0
Fail2ban Fail2ban 0.3.1
Fail2ban Fail2ban 0.8.7
Fail2ban Fail2ban 0.8.6
Fail2ban Fail2ban 0.7.9
Fail2ban Fail2ban 0.7.8
Fail2ban Fail2ban 0.7.1
NA
CVE-2022-3569
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
Synacor Zimbra Collaboration Suite
5
CVSSv2
CVE-2004-0925
Postfix on Mac OS X 10.3.x up to and including 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.
Apple Mac OS X 10.3
Apple Mac OS X 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3.3
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.5
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.3.5
Apple Mac OS X 10.3.1
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.4
9.3
CVSSv2
CVE-2021-33913
libspf2 prior to 1.2.11 has a heap-based buffer overflow that might allow remote malicious users to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The a...
Libspf2 Project Libspf2
5
CVSSv2
CVE-2021-35525
PostSRSd prior to 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if ther...
Postsrsd Project Postsrsd
NA
CVE-2023-52626
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context Indirection (*) is of lower precedence than postfix increment (++). Logic in napi_poll context would cause an out-of-bound read by fi...
7.5
CVSSv2
CVE-2005-0107
bsmtpd 2.3 and previous versions do not properly sanitize e-mail addresses, which allows remote malicious users to execute arbitrary commands.
Debian Bsmtpd
NA
CVE-2024-27305
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacke...
5
CVSSv2
CVE-2005-1127
Format string vulnerability in the log function in Net::Server 0.87 and previous versions, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and previous versions, and possibly other products, allows remote malicious users to cause a denial of service (crash) via forma...
Postgrey Postgrey 1.18
Postgrey Postgrey
Postgrey Postgrey 1.17