Vulnerabilities > Exim

DATE | CVE | VULNERABILITY TITLE | RISK

2021-05-06 | CVE-2020-28022 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exim
Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer.
network | low complexity | exim | CWE-119 | 7.5

2021-05-06 | CVE-2020-28023 | Out-of-bounds Read vulnerability in Exim
Exim 4 before 4.94.2 allows Out-of-bounds Read.
network | low complexity | exim | CWE-125 | 5.0

2021-05-06 | CVE-2020-28024 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exim
Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
network | low complexity | exim | CWE-119 | 7.5

2021-05-06 | CVE-2020-28025 | Out-of-bounds Read vulnerability in Exim
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.
network | low complexity | exim | CWE-125 | 5.0

2021-05-06 | CVE-2020-28026 | Unspecified vulnerability in Exim
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN).
network | exim | critical | 9.3

2021-05-06 | CVE-2021-27216 | Improper Privilege Management vulnerability in Exim
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges.
local | exim | CWE-269 | 6.3

2020-05-11 | CVE-2020-12783 | Out-of-bounds Read vulnerability in multiple products
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
network | low complexity | exim, fedoraproject, debian, canonical | CWE-125 | 7.5

2020-04-02 | CVE-2020-8015 | Link Following vulnerability in Exim
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root.
local | low complexity | exim | CWE-59 | 7.2

2019-09-27 | CVE-2019-16928 | Out-of-bounds Write vulnerability in multiple products
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846.
network | low complexity | exim, canonical, debian, fedoraproject | CWE-787 | critical | 9.8

2019-09-06 | CVE-2019-15846 | Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
network | low complexity | exim, debian | critical | 9.8