Filtered by vendor Sendmail
Subscriptions
Filtered by product Sendmail
Subscriptions
Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2003-0688 | 6 Compaq, Freebsd, Openbsd and 3 more | 7 Tru64, Freebsd, Openbsd and 4 more | 2025-04-03 | N/A |
| The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data. | ||||
| CVE-2006-0058 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2025-04-03 | N/A |
| Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. | ||||
| CVE-2001-0714 | 1 Sendmail | 1 Sendmail | 2025-04-03 | N/A |
| Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option. | ||||
| CVE-1999-1580 | 2 Sendmail, Sun | 2 Sendmail, Sunos | 2025-04-03 | N/A |
| SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option. | ||||
| CVE-2003-0694 | 12 Apple, Compaq, Freebsd and 9 more | 20 Mac Os X, Mac Os X Server, Tru64 and 17 more | 2025-04-03 | N/A |
| The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. | ||||
| CVE-1999-0478 | 1 Sendmail | 1 Sendmail | 2025-04-03 | N/A |
| Denial of service in HP-UX sendmail 8.8.6 related to accepting connections. | ||||
| CVE-1999-1109 | 1 Sendmail | 1 Sendmail | 2025-04-03 | N/A |
| Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated. | ||||
| CVE-1999-1309 | 1 Sendmail | 1 Sendmail | 2025-04-03 | N/A |
| Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option. | ||||
| CVE-1999-1592 | 2 Sendmail, Sun | 2 Sendmail, Sunos | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129. | ||||
| CVE-2001-0715 | 1 Sendmail | 1 Sendmail | 2025-04-03 | N/A |
| Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode. | ||||
| CVE-2001-1349 | 2 Redhat, Sendmail | 2 Linux, Sendmail | 2025-04-03 | N/A |
| Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers. | ||||
| CVE-2023-51765 | 3 Freebsd, Redhat, Sendmail | 3 Freebsd, Enterprise Linux, Sendmail | 2024-11-21 | 5.3 Medium |
| sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. | ||||
| CVE-2021-3618 | 5 Debian, F5, Fedoraproject and 2 more | 5 Debian Linux, Nginx, Fedora and 2 more | 2024-11-21 | 7.4 High |
| ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. | ||||