Vulnerabilities > Apache > Spamassassin > 3.4.2

DATE CVE VULNERABILITY TITLE RISK
2021-03-25 CVE-2020-1946 OS Command Injection vulnerability in multiple products
In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors.
network
low complexity
apache debian fedoraproject CWE-78
critical
 9.8
9.8
2020-01-30 CVE-2020-1931 OS Command Injection vulnerability in Apache Spamassassin
A command execution issue was found in Apache SpamAssassin prior to 3.4.3.
network
high complexity
apache CWE-78
8.1
8.1
2020-01-30 CVE-2020-1930 OS Command Injection vulnerability in Apache Spamassassin
A command execution issue was found in Apache SpamAssassin prior to 3.4.3.
network
high complexity
apache CWE-78
8.1
8.1
2019-12-12 CVE-2019-12420 Resource Exhaustion vulnerability in multiple products
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources.
network
low complexity
apache debian CWE-400
7.5
7.5
2019-12-12 CVE-2018-11805 OS Command Injection vulnerability in multiple products
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors.
local
low complexity
apache debian CWE-78
6.7
6.7