Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exim exim vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-1251
Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote malicious users to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm...
Sa-exim Sa-exim 4.0
Sa-exim Sa-exim 4.1
Sa-exim Sa-exim 4.2
4
CVSSv3
CVE-2017-1000369
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows malicious users to cause arbitrary code execution. This affects exim version 4.89 and previous versions. Pleas...
Exim Exim
Exim Exim 4.88
Exim Exim 4.89
Debian Debian Linux 8.0
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2017-16943
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote malicious users to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
Exim Exim 4.89
Exim Exim 4.88
Debian Debian Linux 9.0
2 Github repositories
7.5
CVSSv3
CVE-2017-16944
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote malicious users to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the en...
Exim Exim 4.88
Exim Exim 4.89
Debian Debian Linux 9.0
1 EDB exploit
1 Github repository
1 Article
NA
CVE-2003-0743
Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) prior to 3.36 and Exim 4 (exim4) prior to 4.21 may allow remote malicious users to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newli...
University Of Cambridge Exim 3.15
University Of Cambridge Exim 3.16
University Of Cambridge Exim 3.3.1
University Of Cambridge Exim 3.3.2
University Of Cambridge Exim 3.36
University Of Cambridge Exim 4.10
University Of Cambridge Exim 3.11
University Of Cambridge Exim 3.12
University Of Cambridge Exim 3.19
University Of Cambridge Exim 3.20
University Of Cambridge Exim 3.32
University Of Cambridge Exim 3.33
University Of Cambridge Exim 3.0
University Of Cambridge Exim 3.17
University Of Cambridge Exim 3.18
University Of Cambridge Exim 3.30
University Of Cambridge Exim 3.31
University Of Cambridge Exim 4.20
University Of Cambridge Exim 3.13
University Of Cambridge Exim 3.14
University Of Cambridge Exim 3.21
University Of Cambridge Exim 3.22
7.8
CVSSv3
CVE-2020-28007
Exim 4 prior to 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.
Exim Exim
7.8
CVSSv3
CVE-2020-28008
Exim 4 prior to 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to c...
Exim Exim
7.8
CVSSv3
CVE-2020-28009
Exim 4 prior to 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple d...
Exim Exim
7.8
CVSSv3
CVE-2020-28010
Exim 4 prior to 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
Exim Exim
7.8
CVSSv3
CVE-2020-28011
Exim 4 prior to 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
Exim Exim
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »