Note:
This project will be discontinued after December 13, 2021.
Product: Spamassassin (Apache)
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 13 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-09-17 | CVE-2018-11781 | Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. | Spamassassin, Ubuntu_linux, Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation | 7.8 | ||
2019-12-12 | CVE-2018-11805 | In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places. | Spamassassin, Debian_linux | 6.7 | ||
2019-12-12 | CVE-2019-12420 | In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly. | Spamassassin, Debian_linux | 7.5 | ||
2005-06-15 | CVE-2005-1266 | Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries. | Spamassassin | N/A | ||
2007-02-16 | CVE-2007-0451 | Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage." | Spamassassin | N/A | ||
2006-06-06 | CVE-2006-2447 | SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. | Spamassassin | N/A | ||
2005-11-20 | CVE-2005-3351 | SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. | Spamassassin | N/A | ||