Vulnerabilities > Exim

DATE CVE VULNERABILITY TITLE RISK
2020-05-11 CVE-2020-12783 Out-Of-Bounds Read vulnerability in Exim
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
network
low complexity
exim CWE-125
5.0
2020-04-02 CVE-2020-8015 Link Following vulnerability in Exim
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root.
local
low complexity
exim CWE-59
7.2
2019-09-27 CVE-2019-16928 Classic Buffer Overflow vulnerability in multiple products
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846.
network
low complexity
exim canonical debian CWE-120
7.5
2019-09-06 CVE-2019-15846 Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
network
low complexity
exim debian
critical
10.0
2019-07-25 CVE-2019-13917 Data Processing Errors vulnerability in multiple products
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
network
low complexity
exim debian CWE-19
critical
10.0
2019-06-05 CVE-2019-10149 Improper Input Validation vulnerability in Exim
A flaw was found in Exim versions 4.87 to 4.91 (inclusive).
network
low complexity
exim CWE-20
7.5
2018-02-08 CVE-2018-6789 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1.
network
low complexity
exim debian canonical CWE-119
7.5
2017-11-25 CVE-2017-16944 Infinite Loop vulnerability in multiple products
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
network
low complexity
exim debian CWE-835
5.0
2017-11-25 CVE-2017-16943 USE After Free vulnerability in multiple products
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
network
low complexity
exim debian CWE-416
7.5
2017-06-19 CVE-2017-1000369 Improper Resource Shutdown OR Release vulnerability in multiple products
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution.
local
low complexity
exim debian CWE-404
2.1