CVSS: 5.3EPSS: 1%CPEs: 7EXPL: 1CVE-2023-51766 – Debian Security Advisory 5597-1
https://notcve.org/view.php?id=CVE-2023-51766
24 Dec 2023 — Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. Exim hasta 4.97 permite el contrabando SMTP en ciertas configuraciones. • http://www.openwall.com/lists/oss-security/2023/12/24/1 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37452 – Ubuntu Security Notice USN-5574-1
https://notcve.org/view.php?id=CVE-2022-37452
07 Aug 2022 — Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Exim versiones anteriores a 4.95, presenta un desbordamiento de búfer en la región heap de la memoria para la lista de alias en la función host_name_lookup en el archivo host.c cuando sender_host_name está establecido It was discovered that Exim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. • https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-37451
https://notcve.org/view.php?id=CVE-2022-37451
06 Aug 2022 — Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. Exim versiones anteriores a 4.96, presenta una liberación no válida en el archivo pam_converse en auths/call_pam.c porque store_free no es usada después de store_malloc • https://cwe.mitre.org/data/definitions/762.html • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38371 – Ubuntu Security Notice USN-6881-1
https://notcve.org/view.php?id=CVE-2021-38371
10 Aug 2021 — The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. La función STARTTLS en Exim versiones hasta 4.94.2, permite la inyección de respuestas (buffering) durante el envío MTA SMTP It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to perform response injection during MTA SMTP sending. • https://nostarttls.secvuln.info • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28017 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28017
06 May 2021 — Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption. Exim 4 versiones anteriores a 4.94.2, permite un Desbordamiento de Enteros para el Desbordamiento del Búfer en la función receive_add_recipient por medio de un mensaje de correo electrónico con cincuenta millones de destinatarios. NOTA: una explotación remota puede ser difícil debido al c... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27216 – Ubuntu Security Notice USN-4934-1
https://notcve.org/view.php?id=CVE-2021-27216
04 May 2021 — Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options. Exim 4 versiones anteriores a 4.94.2, presenta una Ejecución con Privilegios Innecesarios. Al aprovechar una condición de carrera delete_pid_file, un usuario local puede eliminar archivos arbitrarios como root. • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2020-12783 – Debian Security Advisory 4687-1
https://notcve.org/view.php?id=CVE-2020-12783
11 May 2020 — Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. Exim versiones hasta 4.93, presenta una lectura fuera de límites en el autenticador SPA lo que podría resultar en una omisión de la autenticación SPA/NTLM en los archivos auths/spa.c y auths/auth-spa.c. It was discovered that exim4, a mail transport agent, suffers from a authentication bypass vulnerability in the spa authentication driver. The spa auth... • http://www.openwall.com/lists/oss-security/2021/05/04/7 • CWE-125: Out-of-bounds Read •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8015 – Local privilege escalation in exim package from user mail to root
https://notcve.org/view.php?id=CVE-2020-8015
02 Apr 2020 — A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. Una vulnerabilidad de seguimiento de enlace simbólico (Symlink) de UNIX en el empaquetado de exim en openSUSE Factory, permite a atacantes locales escalar desde un correo de usuario a root. Este problema afecta: exim de openSUSE Factory versiones anteriores a 4.93.0.4-3.1. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00010.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 40%CPEs: 4EXPL: 1CVE-2019-15846 – Ubuntu Security Notice USN-4124-2
https://notcve.org/view.php?id=CVE-2019-15846
06 Sep 2019 — Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. Exim versiones anteriores a 4.92.2, permite a atacantes remotos ejecutar código arbitrario como root por medio de una barra invertida al final de una URL. USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Exim incorrectly handled certain decoding operations. • https://github.com/synacktiv/Exim-CVE-2019-15846 •
CVSS: 9.8EPSS: 94%CPEs: 7EXPL: 10CVE-2018-6789 – Exim Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-6789
08 Feb 2018 — An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. Se ha descubierto un problema en la función base64d en el escuchador SMTP en Exim, en versiones anteriores a la 4.90.1. Al enviar un mensaje manipulado, podría ocurrir un desbordamiento de búfer. • https://packetstorm.news/files/id/162959 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •