Spamassassin
by Apache
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-2447 | 0.09 | — | 0.76 | Jun 6, 2006 | SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. | |||
| CVE-2007-0451 | 0.03 | — | 0.33 | Feb 16, 2007 | Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage." | |||
| CVE-2005-3351 | 0.01 | — | 0.18 | Nov 20, 2005 | SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. | |||
| CVE-2005-1266 | 0.00 | — | 0.06 | Jun 15, 2005 | Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries. |
- CVE-2006-2447Jun 6, 2006risk 0.09cvss —epss 0.76
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
- CVE-2007-0451Feb 16, 2007risk 0.03cvss —epss 0.33
Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
- CVE-2005-3351Nov 20, 2005risk 0.01cvss —epss 0.18
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
- CVE-2005-1266Jun 15, 2005risk 0.00cvss —epss 0.06
Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.