CVSS: 9.8EPSS: 3%CPEs: 51EXPL: 0CVE-2014-2957
https://notcve.org/view.php?id=CVE-2014-2957
04 Sep 2014 — The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function. La función dmarc_process en dmarc.c en Exim anterior a 4.82.1, cuando EXPERIMENTAL_DMARC está habilitado, permite a atacantes remotos ejecutar código arbitrario a través de la cabecera Desde en un email, lo cual es pasado a la función expand_string. • http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2014-2972 – Ubuntu Security Notice USN-2933-1
https://notcve.org/view.php?id=CVE-2014-2972
04 Sep 2014 — expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. expand.c en Exim anterior a 4.83 expande las comparaciones matemáticas dos veces, lo que permite a usuarios locales ganar privilegios y ejecutar comandos arbitrarios a través de un valor lookup maniulado. It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the per... • http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 64%CPEs: 9EXPL: 0CVE-2012-5671 – Gentoo Linux Security Advisory 201401-32
https://notcve.org/view.php?id=CVE-2012-5671
31 Oct 2012 — Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server. Desbordamiento de búfer basado en memoria dinámica en la función dkim_exim_query_dns_txt en dkim.c en Exim v4.70 hasta v4.80, cuando el soporte DKIM está habilitado y acl_smtp_connect y acl_smtp_... • http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •