VYPR

Sa Exim

by Sa Exim

CVEs (2)

  • CVE-2019-19920HigDec 22, 2019
    risk 0.57cvss 8.8epss 0.03

    sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.

  • CVE-2006-1251Mar 19, 2006
    risk 0.00cvss epss 0.01

    Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm…