Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.

Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

Denial of service in Sendmail 8.8.6 in HPUX.

The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.

Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.

Denial of service in Sendmail 8.6.11 and 8.6.12.

Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

In older versions of Sendmail, an attacker could use a pipe character to execute root commands.

Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.