Vulnerabilities > Exim > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-20 | CVE-2022-3620 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A vulnerability was found in Exim and classified as problematic. | 9.8 |
| 2022-08-07 | CVE-2022-37452 | Out-of-bounds Write vulnerability in multiple products Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. | 9.8 |
| 2021-05-06 | CVE-2020-28026 | Unspecified vulnerability in Exim Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). | 9.3 |
| 2021-05-06 | CVE-2020-28021 | Unspecified vulnerability in Exim Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. | 9.0 |
| 2021-05-06 | CVE-2020-28017 | Integer Overflow or Wraparound vulnerability in Exim Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. | 9.8 |
| 2019-09-27 | CVE-2019-16928 | Out-of-bounds Write vulnerability in multiple products Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. | 9.8 |
| 2019-09-06 | CVE-2019-15846 | Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. | 9.8 |
| 2019-07-25 | CVE-2019-13917 | Data Processing Errors vulnerability in multiple products Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). | 10.0 |
| 2019-06-05 | CVE-2019-10149 | OS Command Injection vulnerability in multiple products A flaw was found in Exim versions 4.87 to 4.91 (inclusive). | 9.8 |