Search CVE reports
1 – 10 of 21 results
CVE-2023-51764
Medium prioritySome fixes available 6 of 7
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote...
1 affected packages
postfix
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| postfix | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-32182
Medium priorityA Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5...
1 affected packages
postfix
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| postfix | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-28447
High prioritySome fixes available 3 of 24
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser...
4 affected packages
civicrm, postfixadmin, smarty3, smarty4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| civicrm | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| postfixadmin | Vulnerable | Fixed | Fixed | Fixed | Not affected |
| smarty3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smarty4 | Needs evaluation | Not in release | Not in release | Not in release | Ignored |
CVE-2022-31129
Medium prioritySome fixes available 4 of 82
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment...
11 affected packages
gnucash, mediawiki, node-moment, ntopng, odoo...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnucash | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mediawiki | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| node-moment | Not affected | Fixed | Fixed | Fixed | Needs evaluation |
| ntopng | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| odoo | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
| omnidb | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| postfixadmin | Vulnerable | Fixed | Not affected | Not affected | Not affected |
| ruby-momentjs-rails | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| sabnzbdplus | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| syncthing | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| wordpress | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-29221
Medium prioritySome fixes available 8 of 29
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or...
6 affected packages
collabtive, galette, gosa, postfixadmin, smarty3, smarty4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| collabtive | — | — | — | — | Needs evaluation |
| galette | — | — | — | — | Needs evaluation |
| gosa | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| postfixadmin | Not affected | Fixed | Fixed | Fixed | Not affected |
| smarty3 | Fixed | Fixed | Needs evaluation | Needs evaluation | Needs evaluation |
| smarty4 | Needs evaluation | — | — | — | — |
CVE-2020-12063
Medium priority** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This...
1 affected packages
postfix
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| postfix | — | — | Not affected | Not affected | Not affected |
CVE-2019-16791
Medium priorityIn postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy.
1 affected packages
postfix-mta-sts-resolver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| postfix-mta-sts-resolver | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
CVE-2017-5930
Medium priorityThe AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.
1 affected packages
postfixadmin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| postfixadmin | — | — | — | Not affected | Not affected |
CVE-2014-2655
Medium prioritySQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.
1 affected packages
postfixadmin
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| postfixadmin | — | — | — | — | — |
CVE-2011-1720
Medium priorityThe SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication...
1 affected packages
postfix
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| postfix | — | — | — | — | — |