sendmail vulnerabilities and exploits
5.3
CVSSv3
CVE-2020-28247
The lettre library up to and including 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs.
Lettre Lettre 0.7.0
Lettre Lettre
Lettre Lettre 0.10.0
4.4
CVSSv3
CVE-2020-36772
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
Cloudlinux Cagefs
4.3
CVSSv3
CVE-2019-12938
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI.
Analogic Poste.io 2.1.6
NA
CVE-2017-5181
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7692. Reason: This candidate is a reservation duplicate of CVE-2017-7692. Notes: All CVE users should reference CVE-2017-7692 instead of this candidate. All references and descriptions in this candidate have ...
1 Article
NA
CVE-2016-1003
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10033. Reason: This candidate is a duplicate of CVE-2016-10033. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2016-10033 instead of this candidate. All references and descri...
1 EDB exploit
NA
CVE-2016-1004
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none
1 EDB exploit
NA
CVE-2014-8809
Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin prior to 14.11 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text param...
Wpsymposiumpro Wp Symposium
NA
CVE-2014-3956
The sm_close_on_exec function in conf.c in sendmail prior to 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.
Freebsd Freebsd
Hp Hpux
Fedoraproject Fedora 20
Sendmail Sendmail 8.7.7
Sendmail Sendmail 8.7.8
Sendmail Sendmail 8.10
Sendmail Sendmail 8.10.0
Sendmail Sendmail 8.10.1
Sendmail Sendmail 8.7.9
Sendmail Sendmail 8.8.8
Sendmail Sendmail 8.10.2
Sendmail Sendmail 8.11.0
Sendmail Sendmail 8.11.5
Sendmail Sendmail 8.11.6
Sendmail Sendmail 8.12.3
Sendmail Sendmail 8.12.4
Sendmail Sendmail 8.14.7
Sendmail Sendmail 8.14.6
Sendmail Sendmail 8.14.5
Sendmail Sendmail 8.13.7
Sendmail Sendmail 8.13.6
Sendmail Sendmail 8.11.7
NA
CVE-2013-3729
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS prior to 2 r1232 allow remote malicious users to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail ...
Kasseler-cms Kasseler-cms
1 EDB exploit
NA
CVE-2012-2140
The Mail gem prior to 2.4.3 for Ruby allows remote malicious users to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
Rubygems Mail Gem
Rubygems Mail Gem 2.3.3
Rubygems Mail Gem 2.3.2