Max CVSS | 6.9 | Min CVSS | 6.8 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2011-0411 | 6.8 |
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sess
|
10-08-2021 - 12:15 | 16-03-2011 - 22:55 | |
CVE-2011-1720 | 6.8 |
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows
|
09-10-2018 - 19:31 | 13-05-2011 - 17:05 | |
CVE-2009-2939 | 6.9 |
The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.
|
24-08-2011 - 03:02 | 21-09-2009 - 19:30 |