CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30232 – Debian Security Advisory 5887-1
https://notcve.org/view.php?id=CVE-2025-30232
27 Mar 2025 — A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. It was discovered that Exim incorrectly handled certain memory operations. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. • https://www.exim.org/static/doc/security/CVE-2025-30232.txt • CWE-416: Use After Free •
CVSS: 7.8EPSS: 34%CPEs: 1EXPL: 2CVE-2025-26794 – Exim 4.98 SQL Injection
https://notcve.org/view.php?id=CVE-2025-26794
21 Feb 2025 — Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Exim 4.98 anterior a la versíon 4.98.1 permite una inyección SQL remota cuando se usan serialización de ETRN con la tabla hints en SQLite. Exim versions 4.98 before 4.98.1 suffer from a remote SQL injection vulnerability. • https://github.com/OscarBataille/CVE-2025-26794 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 8%CPEs: 7EXPL: 1CVE-2023-51766 – Debian Security Advisory 5597-1
https://notcve.org/view.php?id=CVE-2023-51766
24 Dec 2023 — Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. Exim hasta 4.97 permite el contrabando SMTP en ciertas configuraciones. • http://www.openwall.com/lists/oss-security/2023/12/24/1 • CWE-345: Insufficient Verification of Data Authenticity •