Vulnerabilities > Exim > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-05-06 | CVE-2020-28015 | Unspecified vulnerability in Exim | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. | local | low | exim | | 7.8 |
| 2021-05-06 | CVE-2020-28016 | Out-of-bounds Write vulnerability in Exim | Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase. | local | low | exim | CWE-787 | 7.8 |
| 2021-05-06 | CVE-2020-28019 | Improper Initialization vulnerability in Exim | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. | network | low | exim | CWE-665 | 7.5 |
| 2021-05-06 | CVE-2020-28021 | Unspecified vulnerability in Exim | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. | network | low | exim | | 8.8 |
| 2021-05-06 | CVE-2020-28023 | Out-of-bounds Read vulnerability in Exim | Exim 4 before 4.94.2 allows Out-of-bounds Read. | network | low | exim | CWE-125 | 7.5 |
| 2021-05-06 | CVE-2020-28025 | Out-of-bounds Read vulnerability in Exim | Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory. | network | low | exim | CWE-125 | 7.5 |
| 2020-05-11 | CVE-2020-12783 | Out-of-bounds Read vulnerability in multiple products | Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. | network | low | exim, fedoraproject, debian, canonical | CWE-125 | 7.5 |
| 2020-04-02 | CVE-2020-8015 | Link Following vulnerability in Exim | A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. | local | low | exim | CWE-59 | 7.8 |
| 2017-11-25 | CVE-2017-16944 | Infinite Loop vulnerability in multiple products | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function. | network | low | exim, debian | CWE-835 | 7.5 |
| 2016-04-07 | CVE-2016-1531 | Permissions, Privileges, and Access Controls vulnerability in Exim | Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. | local | high | exim | CWE-264 | 7.0 |