彙總 mailscanner 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 路徑處理缺陷與輸入驗證問題 相關,可能在 軟體部署與生產負載 場景中帶來 檔案覆寫與異常行為 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2010-3292 | The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing. | [email protected] | 5.5 | 0.17% | 2019-11-12 | 2026-06-16 |
| CVE-2010-3095 | mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313. | [email protected] | 4.7 | 0.34% | 2019-11-12 | 2026-06-16 |
| CVE-2010-3293 | mailscanner can allow local users to prevent virus signatures from being updated | [email protected] | 5.5 | 0.37% | 2019-10-28 | 2026-06-16 |
| CVE-2008-5313 | mailscanner 4.68.8 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) avast-autoupdate, and (4) f-prot-6-autoupdate scripts in /etc/MailScanner/autoupdate/; the (5) bitdefender-wrapper, (6) kaspersky-wrapper, (7) clamav-wrapper, and (8) rav-wrapper scripts in /etc/MailScanner/wrapper/; the (9) Quarantine.pm, (10) TNEF.pm, (11) MessageBatch.pm, (12) W | [email protected] | 6.9 | 0.30% | 2008-12-03 | 2026-06-16 |
| CVE-2008-5312 | mailscanner 4.55.10 and other versions before 4.74.16-1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files used by the (1) f-prot-autoupdate, (2) clamav-autoupdate, (3) panda-autoupdate.new, (4) trend-autoupdate.new, and (5) rav-autoupdate.new scripts in /etc/MailScanner/autoupdate/, a different vulnerability than CVE-2008-5140. | [email protected] | 6.9 | 0.30% | 2008-12-03 | 2026-06-16 |
| CVE-2005-3470 | SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands. | [email protected] | 7.5 | 1.33% | 2005-11-02 | 2026-06-16 |
| CVE-2005-1706 | Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection. | [email protected] | 7.5 | 1.44% | 2005-05-24 | 2026-06-16 |
| CVE-2002-2228 | MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers to bypass protection via attachments with a filename with (1) extra leading spaces, (2) extra trailing spaces, or (3) alternate character encodings that cannot be processed by MailScanner. | [email protected] | 6.4 | 1.12% | 2002-12-31 | 2026-06-16 |