Vulnerabilities > Exim > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-24 CVE-2023-51766 Insufficient Verification of Data Authenticity vulnerability in multiple products
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations.
network
low complexity
exim fedoraproject debian CWE-345
5.3
2021-05-06 CVE-2020-28014 Improper Privilege Management vulnerability in Exim
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges.
local
low complexity
exim CWE-269
6.1
2021-05-06 CVE-2021-27216 Race Condition vulnerability in Exim
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges.
local
high complexity
exim CWE-362
6.3
2017-06-19 CVE-2017-1000369 Improper Resource Shutdown or Release vulnerability in multiple products
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution.
local
low complexity
exim debian CWE-404
4.0
2017-02-01 CVE-2016-9963 Key Management Errors vulnerability in multiple products
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
network
high complexity
exim canonical debian CWE-320
5.9