Vulnerabilities > Postfix

DATE CVE VULNERABILITY TITLE RISK
2023-12-24 CVE-2023-51764 Insufficient Verification of Data Authenticity vulnerability in multiple products
Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions).
network
low complexity
postfix fedoraproject redhat CWE-345
5.3
2020-04-24 CVE-2020-12063 Unspecified vulnerability in Postfix 2.10.1
A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character.
network
low complexity
postfix
5.3
2018-04-16 CVE-2017-10140 Unspecified vulnerability in Postfix
Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory.
local
low complexity
postfix
7.8