GCVE - cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*

part: a version: 8.9.3 update: *

Vendor	Sendmail (`c8b2f50b-c776-57dd-b04e-872c5d7ad905`)
Product	Sendmail (`ad22b575-b05b-5921-b062-6676964a2b92`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-3956`	vulnerable	2026-06-08 05:05:43.617742	Details available The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program. Published: 2014-06-04T10:00:00.000Z Updated: 2024-08-06T10:57:18.265Z Open on db.gcve.eu Reference links https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368 http://secunia.com/advisories/58628 http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A11.sendmail.asc http://www.mandriva.com/security/advisories?name=MDVSA-2015:128 http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4565`	vulnerable	2026-06-08 04:51:48.918136	Details available sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Published: 2010-01-04T21:00:00.000Z Updated: 2024-08-07T07:08:38.091Z Open on db.gcve.eu Reference links http://secunia.com/advisories/38314 http://security.gentoo.org/glsa/glsa-201206-30.xml http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021797.1-1 http://secunia.com/advisories/39088 http://www.vupen.com/english/advisories/2009/3661	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-1490`	vulnerable	2026-06-08 04:51:23.439129	Details available Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header. Published: 2009-05-05T19:00:00.000Z Updated: 2024-08-07T05:13:25.560Z Open on db.gcve.eu Reference links http://www.sendmail.org/releases/8.13.2 http://www.nmrc.org/~thegnome/blog/apr09/ https://exchange.xforce.ibmcloud.com/vulnerabilities/50355	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-2246`	vulnerable	2026-06-08 04:49:44.512826	Details available Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: due to the lack of details from HP, it is not known whether this issue is a duplicate of another CVE such as CVE-2006-1173 or CVE-2006-4434. Published: 2007-04-25T16:00:00.000Z Updated: 2024-08-07T13:33:28.308Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1017966 http://www.securityfocus.com/bid/23606 http://www.kb.cert.org/vuls/id/349305 http://secunia.com/advisories/24990 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00841370	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-1173`	vulnerable	2026-06-08 04:48:56.410482	Details available Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. Published: 2006-06-07T23:00:00.000Z Updated: 2024-08-07T17:03:28.441Z Open on db.gcve.eu Reference links http://www-1.ibm.com/support/search.wss?rs=0&q=IY85415&apar=only http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635 http://www.debian.org/security/2006/dsa-1155 http://www.openbsd.org/errata38.html#sendmail2 http://secunia.com/advisories/20684	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2005-2070`	vulnerable	2026-06-08 04:48:28.250171	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0694`	vulnerable	2026-06-08 04:47:22.237783	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0681`	vulnerable	2026-06-08 04:47:22.184733	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0308`	vulnerable	2026-06-08 04:47:21.297954	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0161`	vulnerable	2026-06-08 04:47:20.852079	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-2261`	vulnerable	2026-06-08 04:47:19.562424	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-1827`	vulnerable	2026-06-08 04:47:18.270774	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.