|Max CVSS||10.0||Min CVSS||4.7||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This
|29-04-2022 - 13:24||29-01-2020 - 16:15|
OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.
|01-01-2022 - 19:30||25-02-2020 - 17:15|
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the se
|04-05-2021 - 18:15||25-02-2020 - 17:15|