rpm package
opensuse/fail2ban&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/fail2ban&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-32749 | — | | | < 0.11.2-3.1 | 0.11.2-3.1 | Jul 16, 2021 | fail2ban is a daemon to ban hosts that cause multiple authentication errors. In versions 0.9.7 and prior, 0.10.0 through 0.10.6, and 0.11.0 through 0.11.2, there is a vulnerability that leads to possible remote code execution in the mailing action mail-whois. Command `mail` from |
| CVE-2009-5023 | — | | | < 0.9.5-1.1 | 0.9.5-1.1 | Jun 10, 2014 | The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fa |
| CVE-2013-7177 | — | | | < 0.9.5-1.1 | 0.9.5-1.1 | Feb 1, 2014 | config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression. |
| CVE-2013-7176 | — | | | < 0.9.5-1.1 | 0.9.5-1.1 | Feb 1, 2014 | config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression. |
| CVE-2013-2178 | — | | | < 0.9.5-1.1 | 0.9.5-1.1 | Aug 28, 2013 | The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request. |