CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27216 – Ubuntu Security Notice USN-4934-1
https://notcve.org/view.php?id=CVE-2021-27216
04 May 2021 — Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options. Exim 4 versiones anteriores a 4.94.2, presenta una Ejecución con Privilegios Innecesarios. Al aprovechar una condición de carrera delete_pid_file, un usuario local puede eliminar archivos arbitrarios como root. • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28015 – Ubuntu Security Notice USN-4934-1
https://notcve.org/view.php?id=CVE-2020-28015
04 May 2021 — Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. Exim 4 versiones anteriores a 4.94.2, presenta Neutralización Inapropiada de Delimitadores de Línea. Los usuarios locales pueden alterar el comportamiento de los procesos root porque la dirección de un destinatario pueda tener un carácter newline It was discovered that Exim contained multiple security issues. An attacker could use... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28015-NLEND.txt •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28007 – Ubuntu Security Notice USN-4934-1
https://notcve.org/view.php?id=CVE-2020-28007
04 May 2021 — Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem. Exim 4 versiones anteriores a 4.94.2, permite una Ejecución con Privilegios Innecesarios. Debido a que Exim opera como root en el directorio de registro (propiedad para un usuario no root), un ataque de enlace simbólico o físico permite sobrescribir archivos... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28007-LFDIR.txt • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1CVE-2020-12783 – Debian Security Advisory 4687-1
https://notcve.org/view.php?id=CVE-2020-12783
11 May 2020 — Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. Exim versiones hasta 4.93, presenta una lectura fuera de límites en el autenticador SPA lo que podría resultar en una omisión de la autenticación SPA/NTLM en los archivos auths/spa.c y auths/auth-spa.c. It was discovered that exim4, a mail transport agent, suffers from a authentication bypass vulnerability in the spa authentication driver. The spa auth... • http://www.openwall.com/lists/oss-security/2021/05/04/7 • CWE-125: Out-of-bounds Read •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8015 – Local privilege escalation in exim package from user mail to root
https://notcve.org/view.php?id=CVE-2020-8015
02 Apr 2020 — A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. Una vulnerabilidad de seguimiento de enlace simbólico (Symlink) de UNIX en el empaquetado de exim en openSUSE Factory, permite a atacantes locales escalar desde un correo de usuario a root. Este problema afecta: exim de openSUSE Factory versiones anteriores a 4.93.0.4-3.1. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00010.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 40%CPEs: 4EXPL: 1CVE-2019-15846 – Ubuntu Security Notice USN-4124-2
https://notcve.org/view.php?id=CVE-2019-15846
06 Sep 2019 — Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. Exim versiones anteriores a 4.92.2, permite a atacantes remotos ejecutar código arbitrario como root por medio de una barra invertida al final de una URL. USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Exim incorrectly handled certain decoding operations. • https://github.com/synacktiv/Exim-CVE-2019-15846 •
CVSS: 9.8EPSS: 94%CPEs: 7EXPL: 10CVE-2018-6789 – Exim Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-6789
08 Feb 2018 — An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. Se ha descubierto un problema en la función base64d en el escuchador SMTP en Exim, en versiones anteriores a la 4.90.1. Al enviar un mensaje manipulado, podría ocurrir un desbordamiento de búfer. • https://packetstorm.news/files/id/162959 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-1000369 – Qualys Security Advisory - the Stack Clash
https://notcve.org/view.php?id=CVE-2017-1000369
19 Jun 2017 — Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. Exim es compatible con el uso de múltiples argumentos de líneas de... • http://www.debian.org/security/2017/dsa-3888 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2016-9963 – Ubuntu Security Notice USN-3164-1
https://notcve.org/view.php?id=CVE-2016-9963
05 Jan 2017 — Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. Exim en versiones anteriores a 4.87.1 podrían permitir a atacantes remotos obtener la clave de firma DKIM privada a través de vectores relacionados con archivos de registro y mensajes de devolución. Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files. • http://www.debian.org/security/2016/dsa-3747 • CWE-320: Key Management Errors •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 8CVE-2016-1531 – Exim - 'perl_startup' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1531
08 Mar 2016 — Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. Exim en versiones anteriores a 4.86.2, cuando está instalado setuid root, permite a usuarios locales obtener privilegios a través del argumento perl_startup. It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to th... • https://packetstorm.news/files/id/136165 • CWE-264: Permissions, Privileges, and Access Controls •