qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability. A local attacker can test for the existence of files and directories anywhere in the filesystem because qmail-verify runs as root and tests for the existence of files in the attacker's home directory,...
5.5CVSS
6.7AI Score
0.0004EPSS
qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass...
7.5CVSS
8.3AI Score
0.002EPSS
The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS....
6.7AI Score
0.011EPSS