Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
exim exim vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Exim Exim
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
3 EDB exploits
14 Github repositories
2 Articles
NA
CVE-2002-0274
Exim 3.34 and previous versions may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.
University Of Cambridge Exim
NA
CVE-1999-0971
Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.
University Of Cambridge Exim
1 EDB exploit
NA
CVE-2004-0400
Stack-based buffer overflow in Exim 4 prior to 4.33, when the headers_check_syntax option is enabled, allows remote malicious users to cause a denial of service and possibly execute arbitrary code during the header check.
University Of Cambridge Exim
9.8
CVSSv3
CVE-2019-16928
Exim 4.92 up to and including 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
Exim Exim
Canonical Ubuntu Linux 19.04
Debian Debian Linux 10.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
1 Github repository
1 Article
NA
CVE-2001-0889
Exim 3.22 and previous versions, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote malicious users to execute arbitrary commands via shell metacharacters.
University Of Cambridge Exim
Redhat Linux
8.8
CVSSv3
CVE-2019-19920
sa-exim 4.2.1 allows malicious users to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.
Sa-exim Project Sa-exim 4.2.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
5.9
CVSSv3
CVE-2016-9963
Exim prior to 4.87.1 might allow remote malicious users to obtain the private DKIM signing key via vectors related to log files and bounce messages.
Exim Exim
Canonical Ubuntu Linux 16.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
1 Article
9.8
CVSSv3
CVE-2018-6789
An issue exists in the base64d function in the SMTP listener in Exim prior to 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
Exim Exim
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 16.04
2 EDB exploits
6 Github repositories
1 Article
5.3
CVSSv3
CVE-2023-51766
Exim prior to 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Ex...
Exim Exim
Fedoraproject Extra Packages For Enterprise Linux 8.0
Fedoraproject Extra Packages For Enterprise Linux 9.0
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »