CVSS: 10.0EPSS: 25%CPEs: 4EXPL: 1CVE-2019-15846
https://notcve.org/view.php?id=CVE-2019-15846
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash. Exim versiones anteriores a 4.92.2, permite a atacantes remotos ejecutar código arbitrario como root por medio de una barra invertida al final de una URL. • https://github.com/synacktiv/Exim-CVE-2019-15846 http://exim.org/static/doc/security/CVE-2019-15846.txt http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00024.html http://www.openwall.com/lists/oss-security/2019/09/06/2 http://www.openwall.com/lists/oss-security/2019/09/06/4 http://www.openwall.com/lists/oss-security/2019/09/06/5 http://www.openwall.com/lists/oss-security/2019/09/06/6 http://www.openwall.com/lists/oss-security/2019/09/ •
CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 0CVE-2019-13917
https://notcve.org/view.php?id=CVE-2019-13917
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). Exim versiones 4.85 hasta 4.92 (corregido en 4.92.1) permite la ejecución de código remota como root en algunas configuraciones inusuales que usan la expansión ${sort} para elementos que pueden ser controlados por un atacante (por ejemplo, $local_part o $domain). • http://exim.org/static/doc/security/CVE-2019-13917.txt http://www.openwall.com/lists/oss-security/2019/07/26/5 https://seclists.org/bugtraq/2019/Jul/51 https://security.gentoo.org/glsa/201909-06 https://www.debian.org/security/2019/dsa-4488 • CWE-19: Data Processing Errors •
CVSS: 10.0EPSS: 97%CPEs: 4EXPL: 17CVE-2019-10149 – Exim Mail Transfer Agent (MTA) Improper Input Validation
https://notcve.org/view.php?id=CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. Se descubrió un defecto Exim versiones 4.87 a la 4.91 (incluida). Una validación incorrecta de la dirección del recipiente en la función deliver_message() en /src/deliver.c puede llevar a ejecutar comandos remotos Exim versions 4.87 through 4.91 suffer from a local privilege escalation vulnerability. Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. • https://www.exploit-db.com/exploits/46996 https://www.exploit-db.com/exploits/47307 https://www.exploit-db.com/exploits/46974 https://github.com/cowbe0x004/eximrce-CVE-2019-10149 https://github.com/Diefunction/CVE-2019-10149 https://github.com/AzizMea/CVE-2019-10149-privilege-escalation https://github.com/darsigovrustam/CVE-2019-10149 https://github.com/aishee/CVE-2019-10149-quick https://github.com/hyim0810/CVE-2019-10149 https://github.com/Stick-U235/CVE-2019-10149-Exploit& • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 95%CPEs: 7EXPL: 4CVE-2018-6789 – Exim Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-6789
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. Se ha descubierto un problema en la función base64d en el escuchador SMTP en Exim, en versiones anteriores a la 4.90.1. Al enviar un mensaje manipulado, podría ocurrir un desbordamiento de búfer. • https://www.exploit-db.com/exploits/45671 https://www.exploit-db.com/exploits/44571 https://github.com/synacktiv/Exim-CVE-2018-6789 https://github.com/beraphin/CVE-2018-6789 http://openwall.com/lists/oss-security/2018/02/10/2 http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html http://www.openwall.com/lists/oss-security/2018/02/07/2 http://www.securityfocus.com/bid/103049 http://www.securitytracker.com/id/1040461 https://devco.re/blog/201 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-1000369
https://notcve.org/view.php?id=CVE-2017-1000369
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time. Exim es compatible con el uso de múltiples argumentos de líneas de comandos \"-p\" en los que se emplea la función malloc() y nunca la función free(). Estos argumentos, junto con otros problemas permite que los atacantes provoquen la ejecución de código arbitrario. • http://www.debian.org/security/2017/dsa-3888 http://www.securityfocus.com/bid/99252 http://www.securitytracker.com/id/1038779 https://access.redhat.com/security/cve/CVE-2017-1000369 https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21 https://security.gentoo.org/glsa/201709-19 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt • CWE-404: Improper Resource Shutdown or Release •