Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exim exim vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-37452
Exim prior to 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
Exim Exim
Debian Debian Linux 10.0
1 Github repository
7.5
CVSSv3
CVE-2022-37451
Exim prior to 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
Exim Exim
Fedoraproject Fedora 35
Fedoraproject Fedora 36
9.8
CVSSv3
CVE-2021-33912
libspf2 prior to 1.2.11 has a four-byte heap-based buffer overflow that might allow remote malicious users to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_reco...
Libspf2 Project Libspf2
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2021-33913
libspf2 prior to 1.2.11 has a heap-based buffer overflow that might allow remote malicious users to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The a...
Libspf2 Project Libspf2
7.5
CVSSv3
CVE-2021-38371
The STARTTLS feature in Exim up to and including 4.94.2 allows response injection (buffering) during MTA SMTP sending.
Exim Exim
7.8
CVSSv3
CVE-2020-28016
Exim 4 prior to 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.
Exim Exim
9.8
CVSSv3
CVE-2020-28020
Exim 4 prior to 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.
Exim Exim
6.3
CVSSv3
CVE-2021-27216
Exim 4 prior to 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
Exim Exim
7.8
CVSSv3
CVE-2020-28007
Exim 4 prior to 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.
Exim Exim
7.8
CVSSv3
CVE-2020-28008
Exim 4 prior to 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to c...
Exim Exim
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »