Note: This project will be discontinued after December 13, 2021.
Product: Exim (Exim)
Repositories | https://github.com/Exim/exim |
#Vulnerabilities | 49 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-08-07 | CVE-2022-37452 | Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | Debian_linux, Exim | 9.8 | ||
2021-05-06 | CVE-2020-28017 | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption. | Exim | 9.8 | ||
2021-05-06 | CVE-2020-28012 | Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. | Exim | 7.8 | ||
2021-05-06 | CVE-2020-28014 | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. | Exim | 6.1 | ||
2021-05-06 | CVE-2020-28026 | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root. | Exim | 9.8 | ||
2021-05-06 | CVE-2020-28010 | Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). | Exim | 7.8 | ||
2021-05-06 | CVE-2020-28020 | Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction. | Exim | 9.8 | ||
2021-08-10 | CVE-2021-38371 | The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | Exim | 7.5 | ||
2018-02-08 | CVE-2018-6789 | An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. | Ubuntu_linux, Debian_linux, Exim | 9.8 | ||
2021-05-06 | CVE-2020-28018 | Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. | Exim | 9.8 | ||