| purl | pkg:deb/debian/sendmail@8.15.2-22%2Bdeb11u3?distro=trixie |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-u8aq-2qhu-gff5 (Aliases: CVE-2021-3618) | ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication | Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-28we-h9bn-4ubd | An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. | CVE-2022-31256 |
| VCID-3fjk-gqgc-3yhs | Sendmail is vulnerable to a race condition which could lead to the execution of arbitrary code with sendmail privileges. | CVE-2006-0058 |
| VCID-3k8z-tghq-cbdh | sendmail: long first header can overflow into message body | CVE-2009-1490 |
| VCID-6r2h-krab-7kfb | sendmail allows external mail with from address xxx@localhost.localdomain | CVE-2006-7176 |
| VCID-7f7m-pgk8-jqff | Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server. | CVE-2002-0906 |
| VCID-8g11-dp5v-yycj | security flaw | CVE-2003-0688 |
| VCID-8g7g-jc7b-f3fd | security flaw | CVE-2002-1165 |
| VCID-8x67-725v-huh9 | SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option. | CVE-1999-1580 |
| VCID-9kez-3pxn-k7gr | Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages. | CVE-2004-0833 |
| VCID-axw2-9wxf-skes | security flaw | CVE-2003-0694 |
| VCID-dk9t-39dj-cud4 | An error in the hostname matching in sendmail might enable remote attackers to conduct man-in-the-middle attacks. | CVE-2009-4565 |
| VCID-fgbr-mydh-7bhx | Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or reception is affected." | CVE-2006-4434 |
| VCID-fm43-r24t-h7ez | security flaw | CVE-2003-0161 |
| VCID-gycy-hbda-p3ht | A vulnerability in sendmail could allow a local attacker to obtain sensitive information. | CVE-2014-3956 |
| VCID-m7np-crvq-p3dc | Faulty multipart MIME messages can cause forked Sendmail processes to crash. | CVE-2006-1173 |
| VCID-mngh-1224-uucj | security flaw | CVE-2002-1337 |
| VCID-p9fa-ter1-3ker | The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl. | CVE-2003-0308 |
| VCID-pmae-5146-27dt | security flaw | CVE-2003-0681 |
| VCID-qzm7-bmk8-9fgf | sendmail: SMTP smuggling vulnerability | CVE-2023-51765 |
| VCID-rn5g-z7bd-6qbv | Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files. | CVE-2002-1827 |
| VCID-s44j-pgfp-zfbt | Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129. | CVE-1999-1592 |
| VCID-v6wg-pqrr-z7dm | Sendmail allows SSLv2 during STARTTLS, and the CipherList config option isn't supported so you can't turn it off | CVE-2006-7175 |
| VCID-y9e6-ugss-hbc8 | Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname. | CVE-2002-2261 |