Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exim exim vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2020-28012
Exim 4 prior to 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.
Exim Exim
641
VMScore
CVE-2020-28013
Exim 4 prior to 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
Exim Exim
641
VMScore
CVE-2020-28015
Exim 4 prior to 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.
Exim Exim
641
VMScore
CVE-2020-8015
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local malicious users to escalate from user mail to root. This issue affects: openSUSE Factory exim versions before 4.93.0.4-3.1.
Exim Exim
614
VMScore
CVE-2011-0017
The open_log function in log.c in Exim 4.72 and previous versions does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
Exim Exim 4.43
Exim Exim 4.34
Exim Exim 4.61
Exim Exim 4.60
Exim Exim 4.42
Exim Exim 4.65
Exim Exim 4.32
Exim Exim 4.20
Exim Exim 4.02
Exim Exim 4.01
Exim Exim 3.30
Exim Exim 3.22
Exim Exim 3.12
Exim Exim 3.11
Exim Exim 2.11
Exim Exim 2.10
Exim Exim 4.69
Exim Exim 4.50
Exim Exim 4.44
Exim Exim 4.63
Exim Exim 4.62
Exim Exim 4.21
605
VMScore
CVE-2017-18474
cPanel prior to 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
Cpanel Cpanel
605
VMScore
CVE-2014-2957
The dmarc_process function in dmarc.c in Exim prior to 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote malicious users to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
Exim Exim 4.77
Exim Exim 4.76
Exim Exim 4.75
Exim Exim 4.74
Exim Exim 4.60
Exim Exim 4.54
Exim Exim 4.53
Exim Exim 4.52
Exim Exim 4.24
Exim Exim 4.23
Exim Exim 4.22
Exim Exim 4.21
Exim Exim 4.20
Exim Exim 4.80.1
Exim Exim 4.72
Exim Exim 4.70
Exim Exim 4.65
Exim Exim 4.63
Exim Exim 4.61
Exim Exim 4.51
Exim Exim 4.44
Exim Exim 4.32
605
VMScore
CVE-2012-5671
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 up to and including 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote malicious users to ...
Exim Exim 4.76
Exim Exim 4.77
Exim Exim 4.72
Exim Exim 4.73
Exim Exim 4.74
Exim Exim 4.75
Exim Exim 4.70
Exim Exim 4.71
Exim Exim 4.80
605
VMScore
CVE-2007-1926
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin prior to 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (...
Jbmc Software Directadmin
578
VMScore
CVE-2017-18475
In cPanel prior to 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
Cpanel Cpanel
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »