Vulnerabilities > Exim > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-20 | CVE-2022-3620 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A vulnerability was found in Exim and classified as problematic. | 9.8 |
| 2022-08-07 | CVE-2022-37452 | Out-of-bounds Write vulnerability in multiple products Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | 9.8 |
| 2021-05-06 | CVE-2020-28017 | Integer Overflow or Wraparound vulnerability in Exim Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. | 9.8 |
| 2021-05-06 | CVE-2020-28018 | Use After Free vulnerability in Exim Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. | 9.8 |
| 2021-05-06 | CVE-2020-28020 | Integer Overflow or Wraparound vulnerability in Exim Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction. | 9.8 |
| 2021-05-06 | CVE-2020-28022 | Out-of-bounds Write vulnerability in Exim Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. | 9.8 |
| 2021-05-06 | CVE-2020-28024 | Out-of-bounds Write vulnerability in Exim Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF. | 9.8 |
| 2021-05-06 | CVE-2020-28026 | Unspecified vulnerability in Exim Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). | 9.8 |
| 2019-09-27 | CVE-2019-16928 | Out-of-bounds Write vulnerability in multiple products Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. | 9.8 |
| 2019-09-06 | CVE-2019-15846 | Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | 9.8 |