Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exim exim 4.70 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2011-1407
The DKIM implementation in Exim 4.7x prior to 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote malicious users to execute arbitrary code or access a filesystem via a crafted identity.
Exim Exim 4.74
Exim Exim 4.75
Exim Exim 4.72
Exim Exim 4.73
Exim Exim 4.70
Exim Exim 4.71
605
VMScore
CVE-2012-5671
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 up to and including 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote malicious users to ...
Exim Exim 4.76
Exim Exim 4.77
Exim Exim 4.72
Exim Exim 4.73
Exim Exim 4.74
Exim Exim 4.75
Exim Exim 4.70
Exim Exim 4.71
Exim Exim 4.80
392
VMScore
CVE-2010-2023
transports/appendfile.c in Exim prior to 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user...
Exim Exim 4.10
Exim Exim 4.20
Exim Exim 4.68
Exim Exim 4.67
Exim Exim 4.60
Exim Exim 4.54
Exim Exim 4.34
Exim Exim 4.41
Exim Exim 4.42
Exim Exim
Exim Exim 4.64
Exim Exim 4.63
Exim Exim 4.51
Exim Exim 4.70
Exim Exim 4.69
Exim Exim 4.62
Exim Exim 4.61
Exim Exim 4.44
Exim Exim 4.43
Exim Exim 4.21
Exim Exim 4.33
Exim Exim 4.50
392
VMScore
CVE-2010-2024
transports/appendfile.c in Exim prior to 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
Exim Exim
Exim Exim 4.70
Exim Exim 4.63
Exim Exim 4.62
Exim Exim 4.44
Exim Exim 4.43
Exim Exim 4.22
Exim Exim 4.21
Exim Exim 4.10
Exim Exim 4.20
Exim Exim 4.69
Exim Exim 4.68
Exim Exim 4.61
Exim Exim 4.60
Exim Exim 4.54
Exim Exim 4.34
Exim Exim 4.33
Exim Exim 4.41
Exim Exim 4.42
Exim Exim 4.65
Exim Exim 4.64
Exim Exim 4.51
409
VMScore
CVE-2014-2972
expand.c in Exim prior to 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
Exim Exim 4.77
Exim Exim 4.76
Exim Exim 4.69
Exim Exim 4.68
Exim Exim 4.61
Exim Exim 4.60
Exim Exim 4.42
Exim Exim 4.41
Exim Exim 4.24
Exim Exim 4.23
Exim Exim 4.10
Exim Exim 4.05
Exim Exim 4.75
Exim Exim 4.74
Exim Exim 4.67
Exim Exim 4.66
Exim Exim 4.54
Exim Exim 4.53
Exim Exim 4.40
Exim Exim 4.34
Exim Exim 4.22
Exim Exim 4.21
605
VMScore
CVE-2014-2957
The dmarc_process function in dmarc.c in Exim prior to 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote malicious users to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
Exim Exim 4.77
Exim Exim 4.76
Exim Exim 4.75
Exim Exim 4.74
Exim Exim 4.60
Exim Exim 4.54
Exim Exim 4.53
Exim Exim 4.52
Exim Exim 4.24
Exim Exim 4.23
Exim Exim 4.22
Exim Exim 4.21
Exim Exim 4.20
Exim Exim 4.80.1
Exim Exim 4.72
Exim Exim 4.70
Exim Exim 4.65
Exim Exim 4.63
Exim Exim 4.61
Exim Exim 4.51
Exim Exim 4.44
Exim Exim 4.32
780
VMScore
CVE-2011-1764
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim prior to 4.76 might allow remote malicious users to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstra...
Exim Exim 4.50
Exim Exim 4.44
Exim Exim 4.63
Exim Exim 4.62
Exim Exim 4.61
Exim Exim 4.21
Exim Exim 4.22
Exim Exim 4.41
Exim Exim 4.40
Exim Exim 4.03
Exim Exim 4.02
Exim Exim 3.32
Exim Exim 3.31
Exim Exim 3.14
Exim Exim 3.13
Exim Exim 2.12
Exim Exim 2.11
Exim Exim 4.74
Exim Exim
Exim Exim 4.51
Exim Exim 4.30
Exim Exim 4.64
2 Nmap scripts
1 Github repository
805
VMScore
CVE-2010-4345
Exim 4.72 and previous versions allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Exim Exim 2.11
Exim Exim 4.70
Exim Exim 4.69
Exim Exim 4.66
Exim Exim 4.10
Exim Exim 3.16
Exim Exim 3.21
Exim Exim 3.01
Exim Exim 3.31
Exim Exim 4.24
Exim Exim 3.33
Exim Exim 3.30
Exim Exim
Exim Exim 4.30
Exim Exim 4.21
Exim Exim 4.03
Exim Exim 4.51
Exim Exim 4.71
Exim Exim 4.67
Exim Exim 4.63
Exim Exim 4.00
Exim Exim 4.43
1 EDB exploit
2 Metasploit modules
2 Nmap scripts
614
VMScore
CVE-2011-0017
The open_log function in log.c in Exim 4.72 and previous versions does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
Exim Exim 4.43
Exim Exim 4.34
Exim Exim 4.61
Exim Exim 4.60
Exim Exim 4.42
Exim Exim 4.65
Exim Exim 4.32
Exim Exim 4.20
Exim Exim 4.02
Exim Exim 4.01
Exim Exim 3.30
Exim Exim 3.22
Exim Exim 3.12
Exim Exim 3.11
Exim Exim 2.11
Exim Exim 2.10
Exim Exim 4.69
Exim Exim 4.50
Exim Exim 4.44
Exim Exim 4.63
Exim Exim 4.62
Exim Exim 4.21
971
VMScore
CVE-2010-4344
Heap-based buffer overflow in the string_vformat function in string.c in Exim prior to 4.70 allows remote malicious users to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to impro...
Exim Exim 2.11
Exim Exim 4.66
Exim Exim 4.10
Exim Exim 3.16
Exim Exim 3.21
Exim Exim 3.01
Exim Exim 3.31
Exim Exim 4.24
Exim Exim 3.33
Exim Exim 3.30
Exim Exim 4.30
Exim Exim 4.21
Exim Exim 4.03
Exim Exim 4.51
Exim Exim 4.67
Exim Exim 4.63
Exim Exim 4.00
Exim Exim 4.43
Exim Exim 4.22
Exim Exim 3.10
Exim Exim 4.40
Exim Exim 4.52
2 EDB exploits
2 Nmap scripts
2 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started