CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28011 – Ubuntu Security Notice USN-4934-1
https://notcve.org/view.php?id=CVE-2020-28011
04 May 2021 — Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root. Exim 4 versiones anteriores a 4.94.2 permite un Desbordamiento de Búfer en la Región Heap de la Memoria en la función queue_run por medio de dos opciones de remitente: -R y -S. Esto puede causar una escalada de privilegios de exim a root It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a d... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28011-SPRSS.txt • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28015 – Ubuntu Security Notice USN-4934-1
https://notcve.org/view.php?id=CVE-2020-28015
04 May 2021 — Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. Exim 4 versiones anteriores a 4.94.2, presenta Neutralización Inapropiada de Delimitadores de Línea. Los usuarios locales pueden alterar el comportamiento de los procesos root porque la dirección de un destinatario pueda tener un carácter newline It was discovered that Exim contained multiple security issues. An attacker could use... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28015-NLEND.txt •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2020-28023 – Ubuntu Security Notice USN-4934-1
https://notcve.org/view.php?id=CVE-2020-28023
04 May 2021 — Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. Exim 4 versiones anteriores a 4.94.2, permite una lectura fuera de límites. La función smtp_setup_msg puede divulgar información confidencial de la memoria del proceso a un cliente SMTP no autenticado It was discovered that Exim contained multiple security issues. An attacker could use these issues to cause a denial of service, execute arbitrary code r... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28023-SCHAD.txt • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 11EXPL: 1CVE-2020-12783 – Debian Security Advisory 4687-1
https://notcve.org/view.php?id=CVE-2020-12783
11 May 2020 — Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. Exim versiones hasta 4.93, presenta una lectura fuera de límites en el autenticador SPA lo que podría resultar en una omisión de la autenticación SPA/NTLM en los archivos auths/spa.c y auths/auth-spa.c. It was discovered that exim4, a mail transport agent, suffers from a authentication bypass vulnerability in the spa authentication driver. The spa auth... • http://www.openwall.com/lists/oss-security/2021/05/04/7 • CWE-125: Out-of-bounds Read •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8015 – Local privilege escalation in exim package from user mail to root
https://notcve.org/view.php?id=CVE-2020-8015
02 Apr 2020 — A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. Una vulnerabilidad de seguimiento de enlace simbólico (Symlink) de UNIX en el empaquetado de exim en openSUSE Factory, permite a atacantes locales escalar desde un correo de usuario a root. Este problema afecta: exim de openSUSE Factory versiones anteriores a 4.93.0.4-3.1. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00010.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 63%CPEs: 4EXPL: 1CVE-2019-15846 – Ubuntu Security Notice USN-4124-2
https://notcve.org/view.php?id=CVE-2019-15846
06 Sep 2019 — Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. Exim versiones anteriores a 4.92.2, permite a atacantes remotos ejecutar código arbitrario como root por medio de una barra invertida al final de una URL. USN-4124-1 fixed a vulnerability in Exim. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Exim incorrectly handled certain decoding operations. • https://github.com/synacktiv/Exim-CVE-2019-15846 •
CVSS: 9.8EPSS: 74%CPEs: 7EXPL: 10CVE-2018-6789 – Exim Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-6789
08 Feb 2018 — An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. Se ha descubierto un problema en la función base64d en el escuchador SMTP en Exim, en versiones anteriores a la 4.90.1. Al enviar un mensaje manipulado, podría ocurrir un desbordamiento de búfer. • https://packetstorm.news/files/id/162959 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 4.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-1000369 – Qualys Security Advisory - the Stack Clash
https://notcve.org/view.php?id=CVE-2017-1000369
19 Jun 2017 — Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. Exim es compatible con el uso de múltiples argumentos de líneas de... • http://www.debian.org/security/2017/dsa-3888 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.9EPSS: 1%CPEs: 6EXPL: 0CVE-2016-9963 – Ubuntu Security Notice USN-3164-1
https://notcve.org/view.php?id=CVE-2016-9963
05 Jan 2017 — Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. Exim en versiones anteriores a 4.87.1 podrían permitir a atacantes remotos obtener la clave de firma DKIM privada a través de vectores relacionados con archivos de registro y mensajes de devolución. Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files. • http://www.debian.org/security/2016/dsa-3747 • CWE-320: Key Management Errors •
CVSS: 7.0EPSS: 31%CPEs: 1EXPL: 8CVE-2016-1531 – Exim - 'perl_startup' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1531
08 Mar 2016 — Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. Exim en versiones anteriores a 4.86.2, cuando está instalado setuid root, permite a usuarios locales obtener privilegios a través del argumento perl_startup. It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to th... • https://packetstorm.news/files/id/136165 • CWE-264: Permissions, Privileges, and Access Controls •