
CVE-2023-51765
https://notcve.org/view.php?id=CVE-2023-51765
24 Dec 2023 — sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features. sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. • http://www.openwall.com/lists/oss-security/2023/12/24/1 • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2006-7175
https://notcve.org/view.php?id=CVE-2006-7175
27 Mar 2007 — The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. • https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352 •

CVE-2006-7176 – sendmail allows external mail with from address xxx@localhost.localdomain
https://notcve.org/view.php?id=CVE-2006-7176
27 Mar 2007 — The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. • http://secunia.com/advisories/25098 •

CVE-2003-0688
https://notcve.org/view.php?id=CVE-2003-0688
03 Sep 2003 — The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data. • ftp://patches.sgi.com/support/free/security/advisories/20030803-01-P •

CVE-1999-0130 – BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon
https://notcve.org/view.php?id=CVE-1999-0130
16 Nov 1996 — Local users can start Sendmail in daemon mode and gain root privileges. • https://www.exploit-db.com/exploits/19556 •

CVE-1999-0131
https://notcve.org/view.php?id=CVE-1999-0131
11 Sep 1996 — Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. • http://www.securityfocus.com/bid/717 •