CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 1CVE-2004-2771 – mailx: command execution flaw
https://notcve.org/view.php?id=CVE-2004-2771
16 Dec 2014 — The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address. La función extendida en fio.c en Heirloom mailx 12.5 y anteriores y BSD mailx 8.1.2 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios a través metacaracteres de shell en una dirección de correo electrónico. A flaw was found in the way mailx handled the parsing of email addresses. A syntacticall... • http://linux.oracle.com/errata/ELSA-2014-1999.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 2CVE-2000-0545 – BSD 'mailx' 8.1.1-10 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-0545
12 Jul 2000 — Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter. • https://www.exploit-db.com/exploits/19991 •