CVSS: 10.0EPSS: 20%CPEs: 3EXPL: 0CVE-2019-13917 – Ubuntu Security Notice USN-4075-1
https://notcve.org/view.php?id=CVE-2019-13917
25 Jul 2019 — Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). Exim versiones 4.85 hasta 4.92 (corregido en 4.92.1) permite la ejecución de código remota como root en algunas configuraciones inusuales que usan la expansión ${sort} para elementos que pueden ser controlados por un atacante (por ejemplo, $local_part o $domain). Jeremy Harris discovered th... • http://exim.org/static/doc/security/CVE-2019-13917.txt • CWE-19: Data Processing Errors •
CVSS: 10.0EPSS: 93%CPEs: 4EXPL: 26CVE-2019-10149 – Exim Mail Transfer Agent (MTA) Improper Input Validation
https://notcve.org/view.php?id=CVE-2019-10149
05 Jun 2019 — A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. Se descubrió un defecto Exim versiones 4.87 a la 4.91 (incluida). Una validación incorrecta de la dirección del recipiente en la función deliver_message() en /src/deliver.c puede llevar a ejecutar comandos remotos The Qualys Research Labs reported a flaw in Exim, a mail transport agent. Improper validation of the recipient ... • https://packetstorm.news/files/id/154198 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 74%CPEs: 7EXPL: 10CVE-2018-6789 – Exim Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-6789
08 Feb 2018 — An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. Se ha descubierto un problema en la función base64d en el escuchador SMTP en Exim, en versiones anteriores a la 4.90.1. Al enviar un mensaje manipulado, podría ocurrir un desbordamiento de búfer. • https://packetstorm.news/files/id/162959 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 76%CPEs: 3EXPL: 3CVE-2017-16943 – Ubuntu Security Notice USN-3493-1
https://notcve.org/view.php?id=CVE-2017-16943
25 Nov 2017 — The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands. La función receive_msg en receive.c en el demonio SMTP en Exim 4.88 y 4.89 permite que atacantes remotos ejecuten código arbitrario o provoquen una denegación de servicio (uso de memoria previamente liberada) mediante vectores relacionados con comandos BDAT. It was discovered that Exim incorrectly h... • https://github.com/beraphin/CVE-2017-16943 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 75%CPEs: 3EXPL: 3CVE-2017-16944 – Exim 4.89 - 'BDAT' Denial of Service
https://notcve.org/view.php?id=CVE-2017-16944
25 Nov 2017 — The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function. La función receive_msg en receive.c en el demonio SMTP en Exim 4.88 y 4.89 permite que atacantes remotos provoquen una denegación de servicio (bucle infinito y agotamiento de pila) mediante vecto... • https://packetstorm.news/files/id/145152 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-1000369 – Qualys Security Advisory - the Stack Clash
https://notcve.org/view.php?id=CVE-2017-1000369
19 Jun 2017 — Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. Exim es compatible con el uso de múltiples argumentos de líneas de... • http://www.debian.org/security/2017/dsa-3888 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.9EPSS: 1%CPEs: 6EXPL: 0CVE-2016-9963 – Ubuntu Security Notice USN-3164-1
https://notcve.org/view.php?id=CVE-2016-9963
05 Jan 2017 — Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. Exim en versiones anteriores a 4.87.1 podrían permitir a atacantes remotos obtener la clave de firma DKIM privada a través de vectores relacionados con archivos de registro y mensajes de devolución. Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files. • http://www.debian.org/security/2016/dsa-3747 • CWE-320: Key Management Errors •
CVSS: 7.0EPSS: 37%CPEs: 1EXPL: 8CVE-2016-1531 – Exim - 'perl_startup' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-1531
08 Mar 2016 — Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. Exim en versiones anteriores a 4.86.2, cuando está instalado setuid root, permite a usuarios locales obtener privilegios a través del argumento perl_startup. It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the perl_startup option was enabled, a local attacker could use this issue to escalate their privileges to th... • https://packetstorm.news/files/id/136165 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 51EXPL: 0CVE-2014-2957
https://notcve.org/view.php?id=CVE-2014-2957
04 Sep 2014 — The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function. La función dmarc_process en dmarc.c en Exim anterior a 4.82.1, cuando EXPERIMENTAL_DMARC está habilitado, permite a atacantes remotos ejecutar código arbitrario a través de la cabecera Desde en un email, lo cual es pasado a la función expand_string. • http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2014-2972 – Ubuntu Security Notice USN-2933-1
https://notcve.org/view.php?id=CVE-2014-2972
04 Sep 2014 — expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. expand.c en Exim anterior a 4.83 expande las comparaciones matemáticas dos veces, lo que permite a usuarios locales ganar privilegios y ejecutar comandos arbitrarios a través de un valor lookup maniulado. It was discovered that Exim incorrectly filtered environment variables when used with the perl_startup configuration option. If the per... • http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44 • CWE-189: Numeric Errors •