Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

exim exim vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2019-16928
Exim 4.92 up to and including 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
Exim EximCanonical Ubuntu Linux 19.04Debian Debian Linux 10.0Fedoraproject Fedora 29Fedoraproject Fedora 30Fedoraproject Fedora 31
10
CVSSv2
CVE-2019-15846
Exim prior to 4.92.2 allows remote malicious users to execute arbitrary code as root via a trailing backslash.
Exim EximDebian Debian Linux 8.0Debian Debian Linux 9.0Debian Debian Linux 10.0
6.8
CVSSv2
CVE-2017-18474
cPanel prior to 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
Cpanel Cpanel
4
CVSSv2
CVE-2017-18477
In cPanel prior to 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).
Cpanel Cpanel
6.5
CVSSv2
CVE-2017-18475
In cPanel prior to 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
Cpanel Cpanel
4.9
CVSSv2
CVE-2017-18396
cPanel prior to 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
Cpanel Cpanel
4.9
CVSSv2
CVE-2019-14404
cPanel prior to 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484).
Cpanel Cpanel
5
CVSSv2
CVE-2019-14388
cPanel prior to 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).
Cpanel Cpanel
10
CVSSv2
CVE-2019-13917
Exim 4.85 up to and including 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
Exim EximDebian Debian Linux 10.0Debian Debian Linux 9.0
10
CVSSv2
CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Exim EximDebian Debian Linux 9.0Canonical Ubuntu Linux 18.04Canonical Ubuntu Linux 18.10
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook