Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sendmail sendmail vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-36772
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
Cloudlinux Cagefs
NA
CVE-2023-51765
sendmail up to and including 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmai...
Sendmail Sendmail
Freebsd Freebsd
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
3 Github repositories
NA
CVE-2023-38193
An issue exists in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line.
Superwebmailer Superwebmailer 9.00.0.01710
NA
CVE-2023-3092
The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. This makes it possi...
Photoboxone Smtp Mail
NA
CVE-2022-31256
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local malicious users to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail vers...
Opensuse Factory
10
CVSSv2
CVE-2021-40643
EyesOfNetwork prior to 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any com...
Eyesofnetwork Eyesofnetwork
4.3
CVSSv2
CVE-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an malicious user to steal environment variables via specially crafted email addresses.
Gitlab Gitlab
5.8
CVSSv2
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer c...
F5 Nginx
Sendmail Sendmail
Vsftpd Project Vsftpd
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 10.0
1 Github repository
9
CVSSv2
CVE-2021-3584
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity a...
Theforeman Foreman
Theforeman Foreman 3.0.0
Redhat Satellite 6.0
5
CVSSv2
CVE-2020-28247
The lettre library up to and including 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs.
Lettre Lettre 0.7.0
Lettre Lettre
Lettre Lettre 0.10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »