Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD937AA1D6-685E-11EC-A636-000C29061CE6
HistoryApr 06, 2021 - 12:00 a.m.

OpenDMARC - Multiple vulnerabilities

2021-04-0600:00:00
vuxml.freebsd.org
24
opendmarc
vulnerabilities
signature bypass
spf bypass
false domain info injection

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

84.7%

JSON

OpenDMARC releases prior to 1.4.1 are susceptible to the following
vulnerabilities:

(CVE-2019-16378) OpenDMARC through 1.3.2 and 1.4.x through
1.4.0-Beta1 is prone to a signature-bypass vulnerability with
multiple From: addresses, which might affect applications that
consider a domain name to be relevant to the origin of an e-mail
message.
(CVE-2019-20790) OpenDMARC through 1.3.2 and 1.4.x, when used
with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC
authentication in situations where the HELO field is inconsistent
with the MAIL FROM field.
(CVE-2020-12272) OpenDMARC through 1.3.2 and 1.4.x allows
attacks that inject authentication results to provide false
information about the domain that originated an e-mail
message.
(CVE-2020-12460) OpenDMARC through 1.3.2 and 1.4.x through
1.4.0-Beta1 has improper null termination in the function
opendmarc_xml_parse that can result in a one-byte heap overflow in
opendmarc_xml when parsing a specially crafted DMARC aggregate
report. This can cause remote memory corruption.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchopendmarc< 1.4.1UNKNOWN

Related

nessus 9
openvas 12
fedora 6
mageia 1
osv 9
kitploit 1
ubuntu 2
archlinux 2
debian 4
prion 4
debiancve 4
ubuntucve 4
nvd 4
cvelist 4
gentoo 1
veracode 3
cve 4
nessus
nessus
FreeBSD : OpenDMARC - Multiple vulnerabilities (937aa1d6-685e-11ec-a636-000c29061ce6)
2023-11-06 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : OpenDMARC vulnerabilities (USN-6356-1)
2023-09-11 00:00:00
Fedora 30 : opendmarc (2019-24b3f84f6e)
2019-10-16 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0462)
2022-01-28 00:00:00
Fedora: Security Advisory for opendmarc (FEDORA-2021-1ec3c5ed63)
2021-06-03 00:00:00
Fedora: Security Advisory for opendmarc (FEDORA-2021-433e7d72ce)
2021-06-03 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: opendmarc-1.4.1-1.fc34
2021-05-31 01:05:38
[SECURITY] Fedora 33 Update: opendmarc-1.4.1-1.fc33
2021-05-31 00:47:53
[SECURITY] Fedora 31 Update: opendmarc-1.3.2-1.fc31
2019-10-26 17:31:10
mageia
mageia
Updated opendmarc packages fix security vulnerability
2021-10-06 22:41:56
osv
osv
opendmarc vulnerabilities
2023-09-11 12:47:12
CVE-2020-12272
2020-04-27 14:15:11
opendmarc - security update
2019-09-19 00:00:00
kitploit
kitploit
Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures
2022-01-14 20:30:00
ubuntu
ubuntu
OpenDMARC vulnerabilities
2023-09-11 00:00:00
OpenDMARC vulnerability
2020-10-05 00:00:00
archlinux
archlinux
[ASA-202105-13] opendmarc: multiple issues
2021-05-19 00:00:00
[ASA-202009-1] opendmarc: denial of service
2020-09-01 00:00:00
debian
debian
[SECURITY] [DLA 3546-1] opendmarc security update
2023-08-28 18:08:55
[SECURITY] [DSA 4526-1] opendmarc security update
2019-09-19 19:46:27
[SECURITY] [DSA 4526-1] opendmarc security update
2019-09-19 19:46:27
prion
prion
Authentication flaw
2020-04-27 14:15:00
Spoofing
2020-04-27 14:15:00
Security feature bypass
2019-09-17 12:15:00
debiancve
debiancve
CVE-2020-12272
2020-04-27 14:15:11
CVE-2020-12460
2020-07-27 23:15:12
CVE-2019-16378
2019-09-17 12:15:10
ubuntucve
ubuntucve
CVE-2019-20790
2020-04-27 00:00:00
CVE-2020-12460
2020-07-27 00:00:00
CVE-2019-16378
2019-09-17 00:00:00
nvd
nvd
CVE-2019-20790
2020-04-27 14:15:11
CVE-2019-16378
2019-09-17 12:15:10
CVE-2020-12272
2020-04-27 14:15:11
cvelist
cvelist
CVE-2020-12272
2020-04-27 00:00:00
CVE-2019-16378
2019-09-17 11:24:18
CVE-2019-20790
2020-04-27 14:00:46
gentoo
gentoo
OpenDMARC: Heap-based buffer overflow
2020-11-03 00:00:00
veracode
veracode
Denial Of Service(DoS)
2021-04-27 06:25:05
Privilege Escalation
2021-05-31 18:01:12
Privilege Escalation
2021-06-01 10:46:55
cve
cve
CVE-2019-20790
2020-04-27 14:15:11
CVE-2020-12460
2020-07-27 23:15:12
CVE-2019-16378
2019-09-17 12:15:10

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.011

Percentile

84.7%

JSON
Related for 937AA1D6-685E-11EC-A636-000C29061CE6
nessus9openvas12fedora6mageia1osv9kitploit1ubuntu2archlinux2debian4prion4debiancve4ubuntucve4nvd4cvelist4gentoo1veracode3cve4