CVE-2019-10149 – Exim Mail Transfer Agent (MTA) Improper Input Validation
https://notcve.org/view.php?id=CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of the recipient address in the deliver_message() function in /src/deliver.c may lead to remote command execution. Exim versions 4.87 through 4.91 suffer from a local privilege escalation vulnerability.
• https://www.exploit-db.com/exploits/46996
• https://www.exploit-db.com/exploits/47307
• https://www.exploit-db.com/exploits/46974
• https://github.com/cowbe0x004/eximrce-CVE-2019-10149
• https://github.com/Diefunction/CVE-2019-10149
• https://github.com/AzizMea/CVE-2019-10149-privilege-escalation
• https://github.com/darsigovrustam/CVE-2019-10149
• https://github.com/aishee/CVE-2019-10149-quick
• https://github.com/hyim0810/CVE-2019-10149
• https://github.com/Stick-U235/CVE-2019-10149-Exploit&
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-6789 – Exim Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2018-6789
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. Sending a handcrafted message may cause a buffer overflow. This can be used to execute code remotely.
• https://www.exploit-db.com/exploits/45671
• https://www.exploit-db.com/exploits/44571
• https://github.com/synacktiv/Exim-CVE-2018-6789
• https://github.com/beraphin/CVE-2018-6789
• http://openwall.com/lists/oss-security/2018/02/10/2
• http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html
• http://www.openwall.com/lists/oss-security/2018/02/07/2
• http://www.securityfocus.com/bid/103049
• http://www.securitytracker.com/id/1040461
• https://devco.re/blog/201
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer