rpm package
opensuse/exim&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/exim&distro=openSUSE%20Leap%2015.2
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-12783 | — | | | < 4.94.2-lp152.8.3.1 | 4.94.2-lp152.8.3.1 | May 11, 2020 | Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. |
| CVE-2019-16928 | — | | KEV | < 4.94.2-lp152.8.3.1 | 4.94.2-lp152.8.3.1 | Sep 27, 2019 | Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. |
| CVE-2018-6789 | Cri | 9.8 | KEV | < 4.94.2-lp152.8.3.1 | 4.94.2-lp152.8.3.1 | Feb 8, 2018 | An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. |
| CVE-2017-16944 | Hig | 7.5 | | < 4.94.2-lp152.8.3.1 | 4.94.2-lp152.8.3.1 | Nov 25, 2017 | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content |
| CVE-2017-16943 | Cri | 9.8 | | < 4.94.2-lp152.8.3.1 | 4.94.2-lp152.8.3.1 | Nov 25, 2017 | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. |
| CVE-2017-1000369 | Med | 4.0 | | < 4.94.2-lp152.8.3.1 | 4.94.2-lp152.8.3.1 | Jun 19, 2017 | Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream ha |