Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1407 | 1 Exim | 1 Exim | 2025-04-11 | 7.5 HIGH | N/A |
| The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity. | |||||
| CVE-2010-4344 | 4 Canonical, Debian, Exim and 1 more | 4 Ubuntu Linux, Debian Linux, Exim and 1 more | 2025-04-11 | 9.3 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. | |||||
| CVE-2012-5671 | 1 Exim | 1 Exim | 2025-04-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server. | |||||
| CVE-2010-2024 | 1 Exim | 1 Exim | 2025-04-11 | 4.4 MEDIUM | N/A |
| transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/. | |||||
| CVE-2019-10149 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2025-04-01 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | |||||
| CVE-2018-6789 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2025-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. | |||||
| CVE-2019-16928 | 4 Canonical, Debian, Exim and 1 more | 4 Ubuntu Linux, Debian Linux, Exim and 1 more | 2025-03-07 | 7.5 HIGH | 9.8 CRITICAL |
| Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. | |||||
| CVE-2023-51766 | 3 Debian, Exim, Fedoraproject | 4 Debian Linux, Exim, Extra Packages For Enterprise Linux and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. | |||||
| CVE-2022-37452 | 2 Debian, Exim | 2 Debian Linux, Exim | 2024-11-21 | N/A | 9.8 CRITICAL |
| Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | |||||
| CVE-2022-37451 | 2 Exim, Fedoraproject | 2 Exim, Fedora | 2024-11-21 | N/A | 7.5 HIGH |
| Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | |||||
| CVE-2021-38371 | 1 Exim | 1 Exim | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | |||||
| CVE-2021-27216 | 1 Exim | 1 Exim | 2024-11-21 | 6.3 MEDIUM | 6.3 MEDIUM |
| Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options. | |||||
| CVE-2020-8015 | 2 Exim, Opensuse | 2 Exim, Opensuse | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. | |||||
| CVE-2020-28026 | 1 Exim | 1 Exim | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root. | |||||
| CVE-2020-28025 | 1 Exim | 1 Exim | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory. | |||||
| CVE-2020-28024 | 1 Exim | 1 Exim | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF. | |||||
| CVE-2020-28023 | 1 Exim | 1 Exim | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. | |||||
| CVE-2020-28022 | 1 Exim | 1 Exim | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands. | |||||
| CVE-2020-28021 | 1 Exim | 1 Exim | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command. | |||||
| CVE-2020-28020 | 1 Exim | 1 Exim | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction. | |||||