Vulnerabilities > Exim
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-24 | CVE-2023-51766 | Insufficient Verification of Data Authenticity vulnerability in multiple products Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. | 5.3 |
2022-10-20 | CVE-2022-3620 | A vulnerability was found in Exim and classified as problematic. | 9.8 |
2022-10-17 | CVE-2022-3559 | A vulnerability was found in Exim and classified as problematic. | 7.5 |
2022-08-07 | CVE-2022-37452 | Out-of-bounds Write vulnerability in multiple products Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | 9.8 |
2022-08-06 | CVE-2022-37451 | Release of Invalid Pointer or Reference vulnerability in multiple products Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | 7.5 |
2021-08-10 | CVE-2021-38371 | Injection vulnerability in Exim The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | 7.5 |
2021-05-06 | CVE-2020-28007 | Link Following vulnerability in Exim Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. | 7.8 |
2021-05-06 | CVE-2020-28008 | Improper Privilege Management vulnerability in Exim Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. | 7.8 |
2021-05-06 | CVE-2020-28009 | Integer Overflow or Wraparound vulnerability in Exim Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. | 7.8 |
2021-05-06 | CVE-2020-28010 | Out-of-bounds Write vulnerability in Exim Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). | 7.8 |