SMTP-Related CVEs
A comprehensive list of Common Vulnerabilities and Exposures (CVEs) related to SMTP servers and clients.
CVE ID | Description | Severity | CVSS Score | Published |
---|---|---|---|---|
CVE-2023-34011 | Exim before 4.96.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted SMTP session. | Critical | 9.8 | 2023-06-15 |
CVE-2022-30333 | RARLAB UnRAR in Postfix SMTP server before 6.12 contains a path traversal vulnerability that can be leveraged for remote code execution. | Critical | 9.1 | 2022-05-30 |
CVE-2021-41991 | Sendmail before 8.17.1 allows SMTP command injection via a crafted envelope-from address. | High | 8.6 | 2021-10-12 |
CVE-2020-28017 | Postfix before 3.5.8 allows SMTP command injection via a crafted SMTP session that triggers a buffer overflow. | High | 7.5 | 2020-11-03 |
CVE-2019-10149 | Exim before 4.92 allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. | Critical | 9.8 | 2019-06-05 |
CVE-2018-10583 | Microsoft Exchange Server allows remote attackers to bypass the SMTP authentication via a specific sequence of SMTP commands. | Medium | 6.5 | 2018-04-22 |
CVE-2017-5461 | Mozilla Thunderbird before 52.0 allows remote attackers to execute arbitrary code via crafted SMTP responses that trigger memory corruption. | Critical | 9.3 | 2017-03-10 |
CVE-2016-9963 | Postfix before 3.1.4 allows SMTP command injection via a crafted SMTP session that triggers a buffer overflow in the smtpd process. | High | 8.0 | 2016-12-15 |