Latest exim exim Vulnerabilities

CVE-2023-51766
Exim: SMTP smuggling
Exim Exim<4.97.1
Fedoraproject Extra Packages For Enterprise Linux=7.0
Fedoraproject Extra Packages For Enterprise Linux=8.0
Fedoraproject Extra Packages For Enterprise Linux=9.0
Fedoraproject Fedora=38
Fedoraproject Fedora=39
and 9 more
CVE-2023-42115
(0Day) Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
Exim Exim
ubuntu/exim4<4.96.1
ubuntu/exim4<4.93-13ubuntu1.8
ubuntu/exim4<4.95-4ubuntu2.3
ubuntu/exim4<4.96-14ubuntu1.2
ubuntu/exim4<4.96-17ubuntu2
and 1 more
CVE-2023-42119
(0Day) Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
Exim Exim
ubuntu/exim4<4.96.2
ubuntu/exim4<4.96-17ubuntu2.1
ubuntu/exim4<4.90.1-1ubuntu1.10+
ubuntu/exim4<4.93-13ubuntu1.9
ubuntu/exim4<4.95-4ubuntu2.4
and 4 more
CVE-2023-42116
(0Day) Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
Exim Exim
ubuntu/exim4<4.90.1-1ubuntu1.10+
ubuntu/exim4<4.93-13ubuntu1.8
ubuntu/exim4<4.95-4ubuntu2.3
ubuntu/exim4<4.96-14ubuntu1.2
ubuntu/exim4<4.96-17ubuntu2
and 4 more
CVE-2023-42117
(0Day) Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
Exim Exim
ubuntu/exim4<4.96.2
ubuntu/exim4<4.90.1-1ubuntu1.10+
ubuntu/exim4<4.93-13ubuntu1.9
ubuntu/exim4<4.95-4ubuntu2.4
ubuntu/exim4<4.96-14ubuntu1.3
and 4 more
CVE-2023-42114
(0Day) Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
Exim Exim
ubuntu/exim4<4.90.1-1ubuntu1.10+
ubuntu/exim4<4.93-13ubuntu1.8
ubuntu/exim4<4.95-4ubuntu2.3
ubuntu/exim4<4.96-14ubuntu1.2
ubuntu/exim4<4.96-17ubuntu2
and 4 more
ZDI-23-1471
(0Day) Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
ZDI-CAN-17433
ZDI-23-1468: (0Day) Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-23-1470
(0Day) Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
ZDI-23-1468
(0Day) Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-23-1473
(0Day) Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-CAN-17554
ZDI-23-1471: (0Day) Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability
ZDI-CAN-17643
ZDI-23-1473: (0Day) Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability
ZDI-CAN-17434
ZDI-23-1469: (0Day) Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-23-1469
(0Day) Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
ZDI-CAN-17515
ZDI-23-1470: (0Day) Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2022-3620
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use afte...
Exim Exim=2022-10-18
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
CVE-2022-3559
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the pa...
Exim Exim
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
CVE-2022-37452
Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
Exim Exim<4.95
Debian Debian Linux=10.0
CVE-2022-37451
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
Exim Exim<4.96
Fedoraproject Fedora=35
Fedoraproject Fedora=36
CVE-2021-38371
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
Exim Exim<=4.94.2
CVE-2021-27216
Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
Exim Exim<4.94.2
CVE-2020-28018
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
Exim Exim>=4.90<4.94.2
CVE-2020-28026
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline i...
Exim Exim>=4.00<4.94.2
CVE-2020-28012
Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.
Exim Exim>=4.00<4.94.2
CVE-2020-28021
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code executio...
Exim Exim>=4.00<4.94.2
CVE-2020-28009
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation m...
Exim Exim>=4.00<4.94.2
CVE-2020-28014
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.
Exim Exim>=4.00<4.94.2
CVE-2020-28010
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
Exim Exim>=4.00<4.94.2
CVE-2020-28024
Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can a...
Exim Exim>=4.00<4.94.2
CVE-2020-28019
Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client...
Exim Exim>=4.88<4.94.2
CVE-2020-28020
Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-...
Exim Exim>=4.00<4.92
CVE-2020-28025
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lea...
Exim Exim>=4.00<4.94.2
CVE-2020-28016
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.
Exim Exim>=4.00<4.94.2
CVE-2020-28008
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input sp...
Exim Exim>=4.00<4.94.2
CVE-2020-28015
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.
Exim Exim>=4.00<4.94.2
CVE-2020-28013
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the in...
Exim Exim>=4.00<4.94.2
CVE-2020-28023
Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.
Exim Exim>=4.00<4.94.2
CVE-2020-28011
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
Exim Exim>=4.00<4.94.2
CVE-2020-28007
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting criti...
Exim Exim>=4.00<4.94.2
CVE-2020-28017
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of reso...
Exim Exim<4.94.1
CVE-2020-8015
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim...
Exim Exim<4.93.0.4-3.1
openSUSE openSUSE
CVE-2019-16928
Exim Out-of-bounds Write Vulnerability
Exim Exim>=4.92<=4.92.2
Canonical Ubuntu Linux=19.04
Debian Debian Linux=10.0
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 2 more
CVE-2019-15846
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
Exim Exim<4.92.2
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/exim4<4.90.1-1ubuntu1.4
ubuntu/exim4<4.92-4ubuntu1.3
and 3 more
CVE-2019-13917
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $loc...
Exim Exim>=4.85<=4.92
Debian Debian Linux=9.0
Debian Debian Linux=10.0
debian/exim4
CVE-2019-10149
Exim Mail Transfer Agent (MTA) Improper Input Validation
Exim Exim>=4.87<=4.91
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
Debian Debian Linux=9.0
debian/exim4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203