Vendor CVEs
Exim
All CVEs
76 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-6789 | Cri | 0.84 | 9.8 | 0.82 | KEV | Feb 8, 2018 | An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. | |
| CVE-2010-4344 | Cri | 0.84 | 9.8 | 0.72 | KEV | Dec 14, 2010 | Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper… | |
| CVE-2017-16943 | Cri | 0.67 | 9.8 | 0.47 | Nov 25, 2017 | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. | ||
| CVE-2010-4345 | Hig | 0.67 | 7.8 | 0.18 | KEV | Dec 14, 2010 | Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. | |
| CVE-2026-45185 | Cri | 0.64 | 9.8 | 0.01 | May 12, 2026 | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection.… | ||
| CVE-2017-16944 | Hig | 0.57 | 7.5 | 0.63 | Nov 25, 2017 | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the… | ||
| CVE-2016-1531 | Hig | 0.49 | 7.0 | 0.06 | Apr 7, 2016 | Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. | ||
| CVE-2026-40685 | Med | 0.42 | 6.5 | 0.00 | Apr 30, 2026 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping. | ||
| CVE-2016-9963 | Med | 0.39 | 5.9 | 0.03 | Feb 1, 2017 | Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. | ||
| CVE-2026-40684 | Med | 0.38 | 5.9 | 0.00 | Apr 30, 2026 | In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing. | ||
| CVE-2026-48840 | Med | 0.34 | 5.3 | 0.00 | May 30, 2026 | Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client. | ||
| CVE-2026-40687 | Med | 0.31 | 4.8 | 0.00 | Apr 30, 2026 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory. | ||
| CVE-2017-1000369 | Med | 0.26 | 4.0 | 0.01 | Jun 19, 2017 | Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream… | ||
| CVE-2026-40686 | Low | 0.24 | 3.7 | 0.00 | Apr 30, 2026 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message. | ||
| CVE-2019-10149 | 0.23 | — | 1.00 | KEV | Jun 5, 2019 | A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | ||
| CVE-2019-16928 | 0.19 | — | 0.42 | KEV | Sep 27, 2019 | Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. | ||
| CVE-2025-26794 | 0.06 | — | 0.76 | Feb 21, 2025 | Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.) | |||
| CVE-2024-39929 | 0.05 | — | 0.41 | Jul 4, 2024 | Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users. | |||
| CVE-2023-42115 | 0.05 | — | 0.10 | May 3, 2024 | Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp… | |||
| CVE-2020-28018 | 0.05 | — | 0.56 | May 6, 2021 | Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. | |||
| CVE-2019-15846 | 0.05 | — | 0.36 | Sep 6, 2019 | Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | |||
| CVE-2004-0399 | 0.05 | — | 0.21 | Jul 7, 2004 | Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification. | |||
| CVE-2001-0690 | 0.04 | — | 0.12 | Sep 20, 2001 | Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers. | |||
| CVE-2005-0021 | 0.03 | — | 0.03 | May 2, 2005 | Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line… | |||
| CVE-2002-1381 | 0.03 | — | 0.02 | Dec 23, 2002 | Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value. | |||
| CVE-1999-0971 | 0.03 | — | 0.01 | Jul 22, 1997 | Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file. | |||
| CVE-2020-28020 | 0.02 | — | 0.08 | May 6, 2021 | Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction. | |||
| CVE-2023-42117 | 0.01 | — | 0.06 | May 3, 2024 | Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2023-42116 | 0.01 | — | 0.03 | May 3, 2024 | Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2023-42114 | 0.01 | — | 0.28 | May 3, 2024 | Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2019-13917 | 0.01 | — | 0.09 | Jul 25, 2019 | Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). | |||
| CVE-2012-5671 | 0.01 | — | 0.08 | Oct 31, 2012 | Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via… | |||
| CVE-2004-0400 | 0.01 | — | 0.07 | Jul 7, 2004 | Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check. | |||
| CVE-2001-0889 | 0.01 | — | 0.06 | Dec 19, 2001 | Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters. | |||
| CVE-2025-67896 | 0.00 | — | 0.00 | Dec 14, 2025 | Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation. | |||
| CVE-2025-30232 | 0.00 | — | 0.01 | Mar 27, 2025 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. | |||
| CVE-2023-42119 | 0.00 | — | 0.02 | May 3, 2024 | Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2023-51766 | 0.00 | — | 0.01 | Dec 24, 2023 | Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because… | |||
| CVE-2016-15010 | 0.00 | — | 0.01 | Jan 5, 2023 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site… | |||
| CVE-2022-3620 | 0.00 | — | 0.01 | Oct 20, 2022 | A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is… | |||
| CVE-2022-3559 | 0.00 | — | 0.04 | Oct 17, 2022 | A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a… | |||
| CVE-2022-37452 | 0.00 | — | 0.03 | Aug 7, 2022 | Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | |||
| CVE-2022-37451 | 0.00 | — | 0.03 | Aug 6, 2022 | Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | |||
| CVE-2021-38371 | 0.00 | — | 0.02 | Aug 10, 2021 | The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | |||
| CVE-2021-27216 | 0.00 | — | 0.01 | May 6, 2021 | Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options. | |||
| CVE-2020-28026 | 0.00 | — | 0.09 | May 6, 2021 | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers… | |||
| CVE-2020-28025 | 0.00 | — | 0.03 | May 6, 2021 | Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory. | |||
| CVE-2020-28024 | 0.00 | — | 0.04 | May 6, 2021 | Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF. | |||
| CVE-2020-28023 | 0.00 | — | 0.03 | May 6, 2021 | Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. | |||
| CVE-2020-28022 | 0.00 | — | 0.03 | May 6, 2021 | Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands. |
- risk 0.84cvss 9.8epss 0.82
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
- risk 0.84cvss 9.8epss 0.72
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper…
- risk 0.67cvss 9.8epss 0.47
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
- risk 0.67cvss 7.8epss 0.18
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
- risk 0.64cvss 9.8epss 0.01
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection.…
- risk 0.57cvss 7.5epss 0.63
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the…
- risk 0.49cvss 7.0epss 0.06
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
- risk 0.42cvss 6.5epss 0.00
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.
- risk 0.39cvss 5.9epss 0.03
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
- risk 0.38cvss 5.9epss 0.00
In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.
- risk 0.34cvss 5.3epss 0.00
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.
- risk 0.31cvss 4.8epss 0.00
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.
- risk 0.26cvss 4.0epss 0.01
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream…
- risk 0.24cvss 3.7epss 0.00
In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.
- risk 0.23cvss —epss 1.00
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
- risk 0.19cvss —epss 0.42
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
- CVE-2025-26794Feb 21, 2025risk 0.06cvss —epss 0.76
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
- CVE-2024-39929Jul 4, 2024risk 0.05cvss —epss 0.41
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
- CVE-2023-42115May 3, 2024risk 0.05cvss —epss 0.10
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp…
- CVE-2020-28018May 6, 2021risk 0.05cvss —epss 0.56
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
- CVE-2019-15846Sep 6, 2019risk 0.05cvss —epss 0.36
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
- CVE-2004-0399Jul 7, 2004risk 0.05cvss —epss 0.21
Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
- CVE-2001-0690Sep 20, 2001risk 0.04cvss —epss 0.12
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
- CVE-2005-0021May 2, 2005risk 0.03cvss —epss 0.03
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line…
- CVE-2002-1381Dec 23, 2002risk 0.03cvss —epss 0.02
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
- CVE-1999-0971Jul 22, 1997risk 0.03cvss —epss 0.01
Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.
- CVE-2020-28020May 6, 2021risk 0.02cvss —epss 0.08
Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.
- CVE-2023-42117May 3, 2024risk 0.01cvss —epss 0.06
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists…
- CVE-2023-42116May 3, 2024risk 0.01cvss —epss 0.03
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists…
- CVE-2023-42114May 3, 2024risk 0.01cvss —epss 0.28
Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists…
- CVE-2019-13917Jul 25, 2019risk 0.01cvss —epss 0.09
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
- CVE-2012-5671Oct 31, 2012risk 0.01cvss —epss 0.08
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via…
- CVE-2004-0400Jul 7, 2004risk 0.01cvss —epss 0.07
Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
- CVE-2001-0889Dec 19, 2001risk 0.01cvss —epss 0.06
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
- CVE-2025-67896Dec 14, 2025risk 0.00cvss —epss 0.00
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
- CVE-2025-30232Mar 27, 2025risk 0.00cvss —epss 0.01
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
- CVE-2023-42119May 3, 2024risk 0.00cvss —epss 0.02
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists…
- CVE-2023-51766Dec 24, 2023risk 0.00cvss —epss 0.01
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because…
- CVE-2016-15010Jan 5, 2023risk 0.00cvss —epss 0.01
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site…
- CVE-2022-3620Oct 20, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is…
- CVE-2022-3559Oct 17, 2022risk 0.00cvss —epss 0.04
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a…
- CVE-2022-37452Aug 7, 2022risk 0.00cvss —epss 0.03
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
- CVE-2022-37451Aug 6, 2022risk 0.00cvss —epss 0.03
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
- CVE-2021-38371Aug 10, 2021risk 0.00cvss —epss 0.02
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
- CVE-2021-27216May 6, 2021risk 0.00cvss —epss 0.01
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
- CVE-2020-28026May 6, 2021risk 0.00cvss —epss 0.09
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers…
- CVE-2020-28025May 6, 2021risk 0.00cvss —epss 0.03
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.
- CVE-2020-28024May 6, 2021risk 0.00cvss —epss 0.04
Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
- CVE-2020-28023May 6, 2021risk 0.00cvss —epss 0.03
Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.
- CVE-2020-28022May 6, 2021risk 0.00cvss —epss 0.03
Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.
Page 1 of 2