VYPR

rpm package

opensuse/exim&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/exim&distro=openSUSE%20Tumbleweed

Vulnerabilities (53)

  • CVE-2025-53881MedOct 2, 2025
    affected < 4.98.2-4.1fixed 4.98.2-4.1

    A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.

  • CVE-2025-30232Mar 27, 2025
    affected < 4.98.2-1.1fixed 4.98.2-1.1

    A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.

  • CVE-2025-26794Feb 21, 2025
    affected < 4.98.2-1.1fixed 4.98.2-1.1

    Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)

  • CVE-2024-39929Jul 4, 2024
    affected < 4.98-1.1fixed 4.98-1.1

    Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

  • CVE-2023-42119May 3, 2024
    affected < 4.96.2-1.1fixed 4.96.2-1.1

    Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists wi

  • CVE-2023-42117May 3, 2024
    affected < 4.96.2-1.1fixed 4.96.2-1.1

    Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists wi

  • CVE-2023-42116May 3, 2024
    affected < 4.96.1-1.1fixed 4.96.1-1.1

    Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists wit

  • CVE-2023-42115May 3, 2024
    affected < 4.96.1-1.1fixed 4.96.1-1.1

    Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp serv

  • CVE-2023-42114May 3, 2024
    affected < 4.96.1-1.1fixed 4.96.1-1.1

    Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists wit

  • CVE-2023-51766Dec 24, 2023
    affected < 4.97.1-1.1fixed 4.97.1-1.1

    Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim

  • CVE-2022-3559Oct 17, 2022
    affected < 4.96-3.1fixed 4.96-3.1

    A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a pa

  • CVE-2020-28026May 6, 2021
    affected < 4.94.2-4.2fixed 4.94.2-4.2

    Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers t

  • CVE-2020-28025May 6, 2021
    affected < 4.94.2-4.2fixed 4.94.2-4.2

    Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.

  • CVE-2020-28024May 6, 2021
    affected < 4.94.2-4.2fixed 4.94.2-4.2

    Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.

  • CVE-2020-28023May 6, 2021
    affected < 4.94.2-4.2fixed 4.94.2-4.2

    Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.

  • CVE-2020-28022May 6, 2021
    affected < 4.94.2-4.2fixed 4.94.2-4.2

    Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.

  • CVE-2020-28021May 6, 2021
    affected < 4.94.2-4.2fixed 4.94.2-4.2

    Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.

  • CVE-2020-28020May 6, 2021
    affected < 4.94.2-4.2fixed 4.94.2-4.2

    Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.

  • CVE-2020-28019May 6, 2021
    affected < 4.94.2-4.2fixed 4.94.2-4.2

    Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.

  • CVE-2020-28018May 6, 2021
    affected < 4.94.2-4.2fixed 4.94.2-4.2

    Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.

Page 1 of 3