Vulnerabilities > Exim > Medium

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-12-24 | CVE-2023-51766 | Insufficient Verification of Data Authenticity vulnerability in multiple products | Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. | network | low complexity | exim fedoraproject debian | CWE-345 | 5.3 |
| 2021-05-06 | CVE-2020-28014 | Improper Privilege Management vulnerability in Exim | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. | local | low complexity | exim | CWE-269 | 5.6 |
| 2021-05-06 | CVE-2020-28019 | Improper Initialization vulnerability in Exim | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. | network | low complexity | exim | CWE-665 | 5.0 |
| 2021-05-06 | CVE-2020-28023 | Out-of-bounds Read vulnerability in Exim | Exim 4 before 4.94.2 allows Out-of-bounds Read. | network | low complexity | exim | CWE-125 | 5.0 |
| 2021-05-06 | CVE-2020-28025 | Out-of-bounds Read vulnerability in Exim | Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory. | network | low complexity | exim | CWE-125 | 5.0 |
| 2021-05-06 | CVE-2021-27216 | Improper Privilege Management vulnerability in Exim | Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. | local | | exim | CWE-269 | 6.3 |
| 2017-11-25 | CVE-2017-16944 | Infinite Loop vulnerability in multiple products | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function. | network | low complexity | exim debian | CWE-835 | 5.0 |
| 2016-04-07 | CVE-2016-1531 | Permissions, Privileges, and Access Controls vulnerability in Exim | Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. | local | | exim | CWE-264 | 6.9 |
| 2014-09-04 | CVE-2014-2972 | Numeric Errors vulnerability in Exim | expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. | local | low complexity | exim | CWE-189 | 4.6 |
| 2014-09-04 | CVE-2014-2957 | Improper Input Validation vulnerability in Exim | The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function. | network | | exim | CWE-20 | 6.8 |