Vulnerabilities > Exim > Exim > 4.94.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-24 | CVE-2023-51766 | Insufficient Verification of Data Authenticity vulnerability in multiple products Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. | 5.3 |
| 2022-08-07 | CVE-2022-37452 | Out-of-bounds Write vulnerability in multiple products Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | 9.8 |
| 2022-08-06 | CVE-2022-37451 | Release of Invalid Pointer or Reference vulnerability in multiple products Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | 7.5 |
| 2021-05-06 | CVE-2020-28010 | Out-of-bounds Write vulnerability in Exim Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms). | 7.2 |
| 2021-05-06 | CVE-2020-28012 | Unspecified vulnerability in Exim Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. | 7.2 |
| 2021-05-06 | CVE-2020-28014 | Improper Privilege Management vulnerability in Exim Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. | 5.6 |
| 2021-05-06 | CVE-2020-28018 | Use After Free vulnerability in Exim Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. | 7.5 |
| 2021-05-06 | CVE-2020-28022 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exim Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. | 7.5 |
| 2021-05-06 | CVE-2020-28024 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exim Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF. | 7.5 |
| 2021-05-06 | CVE-2020-28026 | Unspecified vulnerability in Exim Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). | 9.3 |