Vulnerabilities > Exim

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2021-27216 Improper Privilege Management vulnerability in Exim
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges.
local
exim CWE-269
6.3
2020-05-11 CVE-2020-12783 Out-of-bounds Read vulnerability in Exim
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
network
low complexity
exim CWE-125
5.0
2020-04-02 CVE-2020-8015 Link Following vulnerability in Exim
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root.
local
low complexity
exim CWE-59
7.2
2019-09-27 CVE-2019-16928 Out-of-bounds Write vulnerability in multiple products
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846.
network
low complexity
exim canonical debian fedoraproject CWE-787
7.5
2019-09-06 CVE-2019-15846 Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
network
low complexity
exim debian
critical
10.0
2019-07-25 CVE-2019-13917 Data Processing Errors vulnerability in multiple products
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
network
low complexity
exim debian CWE-19
critical
10.0
2019-06-05 CVE-2019-10149 OS Command Injection vulnerability in Exim
A flaw was found in Exim versions 4.87 to 4.91 (inclusive).
network
low complexity
exim CWE-78
critical
10.0
2018-02-08 CVE-2018-6789 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1.
network
low complexity
exim debian canonical CWE-119
7.5
2017-11-25 CVE-2017-16944 Infinite Loop vulnerability in multiple products
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
network
low complexity
exim debian CWE-835
5.0
2017-11-25 CVE-2017-16943 Use After Free vulnerability in multiple products
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.
network
low complexity
exim debian CWE-416
7.5