CVE-2024-25768
- EPSS 0.05%
- Published 26.02.2024 18:15:07
- Last modified 01.05.2025 15:01:40
OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c.
CVE-2021-34555
- EPSS 0.48%
- Published 10.06.2021 15:15:09
- Last modified 21.11.2024 06:10:39
OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.
CVE-2020-12460
- EPSS 14.59%
- Published 27.07.2020 23:15:12
- Last modified 21.11.2024 04:59:44
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cau...
CVE-2019-20790
- EPSS 0.23%
- Published 27.04.2020 14:15:11
- Last modified 21.11.2024 04:39:22
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.
CVE-2020-12272
- EPSS 1.02%
- Published 27.04.2020 14:15:11
- Last modified 21.11.2024 04:59:25
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication res...
CVE-2019-16378
- EPSS 1.25%
- Published 17.09.2019 12:15:10
- Last modified 21.11.2024 04:30:36
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message.