CVSS: 5.3EPSS: 3%CPEs: 7EXPL: 1CVE-2023-51766 – Debian Security Advisory 5597-1
https://notcve.org/view.php?id=CVE-2023-51766
24 Dec 2023 — Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. Exim hasta 4.97 permite el contrabando SMTP en ciertas configuraciones. • http://www.openwall.com/lists/oss-security/2023/12/24/1 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 63%CPEs: 1EXPL: 2CVE-2023-42115 – Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42115
27 Sep 2023 — Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. • https://github.com/kirinse/cve-2023-42115 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 6%CPEs: 1EXPL: 0CVE-2023-42116 – Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-42116
27 Sep 2023 — Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. • https://www.zerodayinitiative.com/advisories/ZDI-23-1470 • CWE-121: Stack-based Buffer Overflow •
CVSS: 3.7EPSS: 12%CPEs: 1EXPL: 0CVE-2023-42114 – Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-42114
27 Sep 2023 — Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. • https://www.zerodayinitiative.com/advisories/ZDI-23-1468 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 1CVE-2022-37452 – Ubuntu Security Notice USN-5574-1
https://notcve.org/view.php?id=CVE-2022-37452
07 Aug 2022 — Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Exim versiones anteriores a 4.95, presenta un desbordamiento de búfer en la región heap de la memoria para la lista de alias en la función host_name_lookup en el archivo host.c cuando sender_host_name está establecido It was discovered that Exim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. • https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 3EXPL: 1CVE-2022-37451
https://notcve.org/view.php?id=CVE-2022-37451
06 Aug 2022 — Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. Exim versiones anteriores a 4.96, presenta una liberación no válida en el archivo pam_converse en auths/call_pam.c porque store_free no es usada después de store_malloc • https://cwe.mitre.org/data/definitions/762.html • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2021-38371 – Ubuntu Security Notice USN-6881-1
https://notcve.org/view.php?id=CVE-2021-38371
10 Aug 2021 — The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. La función STARTTLS en Exim versiones hasta 4.94.2, permite la inyección de respuestas (buffering) durante el envío MTA SMTP It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to perform response injection during MTA SMTP sending. • https://nostarttls.secvuln.info • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28012 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28012
06 May 2021 — Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. Exim 4 versiones anteriores a 4.94.2 permite una Exposición del Descriptor de Archivo para una Esfera de Control No Prevista porque la función rda_interpret usa una tubería privilegiada que carece de un indicador de cierre en ejecución USN-4934-1 fixed several vulnerabilities in Exim. This update provides the corresponding update for Ubuntu 14.04 ... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28012-CLOSE.txt •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-28026 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28026
06 May 2021 — Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root. Exim 4 versiones anteriores a 4.94.2, presenta una Neutralización Inapropiada de Delimitadores de Línea, relevante en configuraciones no predeterminadas que habilitan la Delivery Status Notifica... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28026-FGETS.txt •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28025 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28025
06 May 2021 — Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory. Exim 4 versiones anteriores a 4.94.2, permite una lectura fuera de límites porque pdkim_finish_bodyhash no comprueba la relación entre sig-)bodyhash.len y b-)bh.len; por lo tanto, un encabezado DKIM-Signature diseñado podría conllevar una filtración... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28025-BHASH.txt • CWE-125: Out-of-bounds Read •