Search Results (Refine Search)
- CPE Product Version: cpe:/a:exim:exim:4.77
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-28009 |
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days). Published: May 06, 2021; 9:15:09 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2020-28008 |
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution. Published: May 06, 2021; 9:15:09 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2020-28007 |
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem. Published: May 06, 2021; 9:15:09 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2020-12783 |
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. Published: May 11, 2020; 10:15:11 AM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2020-8015 |
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. Published: April 02, 2020; 4:15:21 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-15846 |
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. Published: September 06, 2019; 7:15:11 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-6789 |
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. Published: February 08, 2018; 6:29:01 PM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-1000369 |
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. Published: June 19, 2017; 12:29:00 PM -0400 |
V3.1: 4.0 MEDIUM V2.0: 2.1 LOW |
CVE-2016-9963 |
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. Published: February 01, 2017; 10:59:00 AM -0500 |
V3.0: 5.9 MEDIUM V2.0: 2.6 LOW |
CVE-2016-1531 |
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. Published: April 07, 2016; 7:59:04 PM -0400 |
V3.0: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2014-2972 |
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. Published: September 04, 2014; 1:55:05 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2014-2957 |
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function. Published: September 04, 2014; 1:55:05 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-5671 |
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server. Published: October 31, 2012; 12:55:06 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |