CVE-2017-1000369 – Qualys Security Advisory - the Stack Clash
https://notcve.org/view.php?id=CVE-2017-1000369
19 Jun 2017 — Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. • http://www.debian.org/security/2017/dsa-3888 • CWE-404: Improper Resource Shutdown or Release •
CVE-2016-9963 – Ubuntu Security Notice USN-3164-1
https://notcve.org/view.php?id=CVE-2016-9963
05 Jan 2017 — Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files. • http://www.debian.org/security/2016/dsa-3747 • CWE-320: Key Management Errors •
CVE-2016-1531 – Exim - 'perl_startup' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1531
08 Mar 2016 — Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to th... • https://packetstorm.news/files/id/136165 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-2957
https://notcve.org/view.php?id=CVE-2014-2957
04 Sep 2014 — The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function. • http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0 • CWE-20: Improper Input Validation •
CVE-2014-2972 – Ubuntu Security Notice USN-2933-1
https://notcve.org/view.php?id=CVE-2014-2972
04 Sep 2014 — expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the per... • http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44 • CWE-189: Numeric Errors •
CVE-2011-1764 – Gentoo Linux Security Advisory 201401-32
https://notcve.org/view.php?id=CVE-2011-1764
05 Oct 2011 — Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670 • CWE-134: Use of Externally-Controlled Format String •
CVE-2011-0017 – Gentoo Linux Security Advisory 201401-32
https://notcve.org/view.php?id=CVE-2011-0017
02 Feb 2011 — The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. Multiple vulnerabilities ... • ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74 • CWE-20: Improper Input Validation CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2010-4344 – Exim Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2010-4344
14 Dec 2010 — Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. • https://www.exploit-db.com/exploits/16925 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2010-4345 – Exim Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2010-4345
14 Dec 2010 — Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. • https://www.exploit-db.com/exploits/16925 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-2024 – Gentoo Linux Security Advisory 201401-32
https://notcve.org/view.php?id=CVE-2010-2024
07 Jun 2010 — transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/. • http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •