Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exim vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2020-28010
Exim 4 prior to 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
Exim Exim
7.2
CVSSv2
CVE-2020-28011
Exim 4 prior to 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
Exim Exim
7.2
CVSSv2
CVE-2020-28012
Exim 4 prior to 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.
Exim Exim
7.2
CVSSv2
CVE-2020-28013
Exim 4 prior to 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
Exim Exim
5.6
CVSSv2
CVE-2020-28014
Exim 4 prior to 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.
Exim Exim
7.2
CVSSv2
CVE-2020-28015
Exim 4 prior to 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.
Exim Exim
7.5
CVSSv2
CVE-2020-28017
Exim 4 prior to 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
Exim Exim
2 Github repositories
7.5
CVSSv2
CVE-2020-28018
Exim 4 prior to 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
Exim Exim
2 Github repositories
5
CVSSv2
CVE-2020-28019
Exim 4 prior to 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.
Exim Exim
9
CVSSv2
CVE-2020-28021
Exim 4 prior to 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.
Exim Exim
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »