sendmail

Top products

The 15 most recently published vulnerabilities affecting sendmail.

• CVE-2023-51765sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allo...5.3Dec 24, 2023
• CVE-2021-3618ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certifi...7.4Mar 23, 2022
• CVE-2014-3956The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unin...1.9Jun 4, 2014
• CVE-2009-4565sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP ...7.5Jan 4, 2010
• CVE-2009-1490Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by...5.0May 5, 2009
• CVE-2002-2423Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.6.4Nov 1, 2007
• CVE-2002-2261Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.7.5Oct 18, 2007
• CVE-1999-1592Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.7.5Jul 12, 2007
• CVE-2007-2246Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service v...7.8Apr 25, 2007
• CVE-2006-7176The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which ...4.3Mar 27, 2007
• CVE-2006-7175The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used t...7.5Mar 27, 2007
• CVE-2006-4434Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenc...7.5Aug 29, 2006
• CVE-2006-1173Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for pe...5.0Jun 7, 2006
• CVE-2006-0058Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to...7.6Mar 22, 2006
• CVE-2005-2070The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which preve...5.0Jun 29, 2005