Vulnerabilities > Sendmail
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-24 | CVE-2023-51765 | Insufficient Verification of Data Authenticity vulnerability in multiple products sendmail through 8.17.2 allows SMTP smuggling in certain configurations. | 5.3 |
| 2022-03-23 | CVE-2021-3618 | Improper Certificate Validation vulnerability in multiple products ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. | 7.4 |
| 2014-06-04 | CVE-2014-3956 | Information Exposure vulnerability in multiple products The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. | 1.9 |
| 2010-01-04 | CVE-2009-4565 | Cryptographic Issues vulnerability in Sendmail sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 7.5 |
| 2009-05-05 | CVE-2009-1490 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sendmail Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header. | 5.0 |
| 2007-04-25 | CVE-2007-2246 | Resource Management Errors vulnerability in Sendmail 8.11.1/8.9.3 Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. | 7.8 |
| 2007-03-27 | CVE-2006-7176 | Localhost.Localdomain Email Spoofing vulnerability in Sendmail 8.13.1.2 The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. | 4.3 |
| 2007-03-27 | CVE-2006-7175 | Remote Security vulnerability in Sendmail 8.13.1.2 The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. | 7.5 |
| 2006-08-29 | CVE-2006-4434 | Use After Free vulnerability in Sendmail Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. | 7.5 |
| 2006-06-07 | CVE-2006-1173 | Resource Management Errors vulnerability in Sendmail Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. | 5.0 |