CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-11780

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1420%
EPSS Percentile31.04th
Published2018年9月17日
Last Modified2024年11月21日

Vulnerability Description

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

Affected Platforms (CPE)

📦
Apache

Spamassassin

< 3.4.2
📦
Pdfinfo Project

Pdfinfo

All versions
💻
Canonical

Ubuntu Linux

= 12.04
💻
Canonical

Ubuntu Linux

= 14.04
💻
Canonical

Ubuntu Linux

= 16.04
💻
Canonical

Ubuntu Linux

= 18.04
💻
Debian

Debian Linux

= 8.0

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
🔗 http://www.securityfocus.com/bid/105373
🔗 https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E
🔗 https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html
🔗 https://security.gentoo.org/glsa/201812-07
🔗 https://usn.ubuntu.com/3811-1/
🔗 https://usn.ubuntu.com/3811-3/
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html

相關漏洞威脅

CVE-2020-19469.8

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any...

CVE-2010-11329.3

The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote a...

CVE-2020-19318.1

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files c...

CVE-2020-19308.1

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) fi...