Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 21 results


CVE-2011-0411

Medium priority
Fixed

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into...

1 affected packages

postfix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix
Show less packages

CVE-2009-2939

Negligible priority

Some fixes available 5 of 7

The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.

1 affected packages

postfix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix
Show less packages

CVE-2008-4977

Low priority
Ignored

** DISPUTED ** postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message...

1 affected packages

postfix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix
Show less packages

CVE-2008-3889

Low priority
Fixed

Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of...

1 affected packages

postfix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix
Show less packages

CVE-2008-2937

Low priority
Not affected

Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding...

1 affected packages

postfix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix
Show less packages

CVE-2008-2936

Low priority
Fixed

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned...

1 affected packages

postfix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix
Show less packages

CVE-2007-3791

Unknown priority

Some fixes available 6 of 8

Buffer overflow in the w_read function in sockets.c in Cami Sardinha and Nigel Kukard policyd before 1.81 for Postfix allows remote attackers to cause a denial of service and possibly execute arbitrary code via long SMTP commands....

1 affected packages

postfix-policyd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix-policyd
Show less packages

CVE-2006-2314

Unknown priority

Some fixes available 21 of 24

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte...

14 affected packages

amarok, dovecot, exim4, libapache2-mod-auth-pgsql, php5...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
amarok
dovecot
exim4
libapache2-mod-auth-pgsql
php5
postfix
postgresql
postgresql-7.4
postgresql-8.1
postgresql-8.2
psycopg
psycopg2
pygresql
python-pgsql
Show all 14 packages Show less packages

CVE-2005-1100

Unknown priority
Not affected

Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog.

1 affected packages

postfix-gld

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix-gld
Show less packages

CVE-2005-0337

Unknown priority
Fixed

Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.

1 affected packages

postfix

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
postfix
Show less packages