Vulnerabilities > Exim > Exim > 4.94.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-24 | CVE-2023-51766 | Insufficient Verification of Data Authenticity vulnerability in multiple products Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. | 5.3 |
| 2022-08-07 | CVE-2022-37452 | Out-of-bounds Write vulnerability in multiple products Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | 9.8 |
| 2022-08-06 | CVE-2022-37451 | Release of Invalid Pointer or Reference vulnerability in multiple products Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | 7.5 |
| 2021-08-10 | CVE-2021-38371 | Injection vulnerability in Exim The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. | 7.5 |
| 2021-05-06 | CVE-2021-27216 | Race Condition vulnerability in Exim Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. | 6.3 |