Mailscanner » Mailscanner : Security Vulnerabilities, CVEs, Published In 2019 CVSS score >= 1
mailscanner can allow local users to prevent virus signatures from being updated
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-10-28
Updated
2019-10-30
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing.
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-11-12
Updated
2019-11-15
mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313.
Max CVSS
4.7
EPSS Score
0.04%
Published
2019-11-12
Updated
2019-11-15
3 vulnerabilities found