Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exim exim - vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-28022
Exim 4 prior to 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.
Exim Exim
7.5
CVSSv3
CVE-2020-28023
Exim 4 prior to 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.
Exim Exim
9.8
CVSSv3
CVE-2020-28024
Exim 4 prior to 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
Exim Exim
7.5
CVSSv3
CVE-2020-28025
Exim 4 prior to 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.
Exim Exim
9.8
CVSSv3
CVE-2020-28026
Exim 4 prior to 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote malicious...
Exim Exim
2 Github repositories
6.3
CVSSv3
CVE-2021-27216
Exim 4 prior to 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
Exim Exim
9.8
CVSSv3
CVE-2020-26098
cPanel prior to 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
Cpanel Cpanel
7.5
CVSSv3
CVE-2020-12783
Exim up to and including 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
Exim Exim
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
7.8
CVSSv3
CVE-2020-8015
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local malicious users to escalate from user mail to root. This issue affects: openSUSE Factory exim versions before 4.93.0.4-3.1.
Exim Exim
8.8
CVSSv3
CVE-2019-19920
sa-exim 4.2.1 allows malicious users to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.
Sa-exim Project Sa-exim 4.2.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »