VYPR

rpm package

suse/libspf2&distro=SUSE Package Hub 15 SP2

pkg:rpm/suse/libspf2&distro=SUSE%20Package%20Hub%2015%20SP2

Vulnerabilities (27)

  • CVE-2020-28007 | May 6, 2021
    affected < 1.2.10-bp152.5.1, fixed 1.2.10-bp152.5.1

    Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.

  • CVE-2020-12783 | May 11, 2020
    affected < 1.2.10-bp152.5.1, fixed 1.2.10-bp152.5.1

    Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

  • CVE-2019-16928 | KEV | Sep 27, 2019
    affected < 1.2.10-bp152.5.1, fixed 1.2.10-bp152.5.1

    Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.

  • CVE-2018-6789 | Cri | KEV | Feb 8, 2018
    affected < 1.2.10-bp152.5.1, fixed 1.2.10-bp152.5.1

    An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

  • CVE-2017-16944 | Hig | Nov 25, 2017
    affected < 1.2.10-bp152.5.1, fixed 1.2.10-bp152.5.1

    The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content

  • CVE-2017-16943 | Cri | Nov 25, 2017
    affected < 1.2.10-bp152.5.1, fixed 1.2.10-bp152.5.1

    The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

  • CVE-2017-1000369 | Med | Jun 19, 2017
    affected < 1.2.10-bp152.5.1, fixed 1.2.10-bp152.5.1

    Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream ha

Page 2 of 2