CVSS: 9.8 | EPSS: 4% | CPEs: 70 | EXPL: 0

05 Oct 2011 — Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670 • CWE-134: Use of Externally-Controlled Format String

CVSS: 9.8 | EPSS: 1% | CPEs: 6 | EXPL: 0

16 May 2011 — The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity. • http://www.debian.org/security/2011/dsa-2236 • CWE-20: Improper Input Validation

CVSS: 9.8 | EPSS: 0% | CPEs: 67 | EXPL: 0

02 Feb 2011 — The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. Multiple vulnerabilities ... • ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74 • CWE-20: Improper Input Validation • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 9.8 | EPSS: 57% | CPEs: 64 | EXPL: 4

14 Dec 2010 — Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. • https://www.exploit-db.com/exploits/16925 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 7.8 | EPSS: 11% | CPEs: 67 | EXPL: 1

14 Dec 2010 — Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. • https://www.exploit-db.com/exploits/16925 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 | EPSS: 0% | CPEs: 33 | EXPL: 0

07 Jun 2010 — transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file. • http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.8 | EPSS: 0% | CPEs: 33 | EXPL: 0

07 Jun 2010 — transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/. • http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 9.8 | EPSS: 2% | CPEs: 3 | EXPL: 3

06 Jan 2005 — Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function. • https://www.exploit-db.com/exploits/1009

CVSS: 9.8 | EPSS: 1% | CPEs: 3 | EXPL: 0

06 Jan 2005 — Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication. • http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44

CVSS: 9.8 | EPSS: 42% | CPEs: 2 | EXPL: 2

12 May 2004 — Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification. • https://www.exploit-db.com/exploits/24093