Vulnerabilities > Exim > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-10-20 CVE-2022-3620 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A vulnerability was found in Exim and classified as problematic.
network
low complexity
exim fedoraproject CWE-119
critical
9.8
2022-08-07 CVE-2022-37452 Out-of-bounds Write vulnerability in multiple products
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
network
low complexity
exim debian CWE-787
critical
9.8
2021-05-06 CVE-2020-28017 Integer Overflow or Wraparound vulnerability in Exim
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients.
network
low complexity
exim CWE-190
critical
9.8
2021-05-06 CVE-2020-28018 Use After Free vulnerability in Exim
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
network
low complexity
exim CWE-416
critical
9.8
2021-05-06 CVE-2020-28020 Integer Overflow or Wraparound vulnerability in Exim
Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.
network
low complexity
exim CWE-190
critical
9.8
2021-05-06 CVE-2020-28022 Out-of-bounds Write vulnerability in Exim
Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer.
network
low complexity
exim CWE-787
critical
9.8
2021-05-06 CVE-2020-28024 Out-of-bounds Write vulnerability in Exim
Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
network
low complexity
exim CWE-787
critical
9.8
2021-05-06 CVE-2020-28026 Unspecified vulnerability in Exim
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN).
network
low complexity
exim
critical
9.8
2019-09-27 CVE-2019-16928 Out-of-bounds Write vulnerability in multiple products
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846.
network
low complexity
exim canonical debian fedoraproject CWE-787
critical
9.8
2019-09-06 CVE-2019-15846 Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
network
low complexity
exim debian
critical
9.8