Vulnerabilities > Exim > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-10-20 CVE-2022-3620 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A vulnerability was found in Exim and classified as problematic.
network
low complexity
exim fedoraproject CWE-119
critical
9.8
2022-08-07 CVE-2022-37452 Out-of-bounds Write vulnerability in multiple products
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
network
low complexity
exim debian CWE-787
critical
9.8
2021-05-06 CVE-2020-28017 Integer Overflow or Wraparound vulnerability in Exim
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients.
network
low complexity
exim CWE-190
critical
9.8
2021-05-06 CVE-2020-28021 Unspecified vulnerability in Exim
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters.
network
low complexity
exim
critical
9.0
2021-05-06 CVE-2020-28026 Unspecified vulnerability in Exim
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN).
network
exim
critical
9.3
2019-09-27 CVE-2019-16928 Out-of-bounds Write vulnerability in multiple products
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846.
network
low complexity
exim canonical debian fedoraproject CWE-787
critical
9.8
2019-09-06 CVE-2019-15846 Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
network
low complexity
exim debian
critical
9.8
2019-07-25 CVE-2019-13917 Data Processing Errors vulnerability in multiple products
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
network
low complexity
exim debian CWE-19
critical
10.0
2019-06-05 CVE-2019-10149 OS Command Injection vulnerability in multiple products
A flaw was found in Exim versions 4.87 to 4.91 (inclusive).
network
low complexity
exim debian canonical CWE-78
critical
9.8
2018-02-08 CVE-2018-6789 Classic Buffer Overflow vulnerability in multiple products
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1.
network
low complexity
exim debian canonical CWE-120
critical
9.8