CVSS: 5.3EPSS: 1%CPEs: 7EXPL: 1CVE-2023-51766 – Debian Security Advisory 5597-1
https://notcve.org/view.php?id=CVE-2023-51766
24 Dec 2023 — Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not. Exim hasta 4.97 permite el contrabando SMTP en ciertas configuraciones. • http://www.openwall.com/lists/oss-security/2023/12/24/1 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-37452 – Ubuntu Security Notice USN-5574-1
https://notcve.org/view.php?id=CVE-2022-37452
07 Aug 2022 — Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set. Exim versiones anteriores a 4.95, presenta un desbordamiento de búfer en la región heap de la memoria para la lista de alias en la función host_name_lookup en el archivo host.c cuando sender_host_name está establecido It was discovered that Exim incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. • https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-37451
https://notcve.org/view.php?id=CVE-2022-37451
06 Aug 2022 — Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. Exim versiones anteriores a 4.96, presenta una liberación no válida en el archivo pam_converse en auths/call_pam.c porque store_free no es usada después de store_malloc • https://cwe.mitre.org/data/definitions/762.html • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38371 – Ubuntu Security Notice USN-6881-1
https://notcve.org/view.php?id=CVE-2021-38371
10 Aug 2021 — The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. La función STARTTLS en Exim versiones hasta 4.94.2, permite la inyección de respuestas (buffering) durante el envío MTA SMTP It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to perform response injection during MTA SMTP sending. • https://nostarttls.secvuln.info • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28017 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28017
06 May 2021 — Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption. Exim 4 versiones anteriores a 4.94.2, permite un Desbordamiento de Enteros para el Desbordamiento del Búfer en la función receive_add_recipient por medio de un mensaje de correo electrónico con cincuenta millones de destinatarios. NOTA: una explotación remota puede ser difícil debido al c... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28017-RCPTL.txt • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28013 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28013
06 May 2021 — Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy. Exim 4 versiones anteriores a 4.94.2, permite un Desbordamiento de Búfer en la Región Heap de la Memoria porque maneja inapropiadamente "-F '.('" en la línea de comando y, por lo tanto, puede permitir una escalada de privilegios de cualquier usuario a root. Esto ocurre... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28013-PFPSN.txt • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28009 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28009
06 May 2021 — Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days). Exim 4 versiones anteriores a 4.94.2 permite el Desbordamiento de Enteros para un Desbordamiento de Búfer porque la función get_stdinput permite lecturas ilimitadas que van acompañadas de aumentos ilimitados en una determinada v... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28009-STDIN.txt • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28008 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28008
06 May 2021 — Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution. Exim 4 versiones anteriores a 4.94.2, permite una ejecución con Privilegios Innecesarios. Debido a que Exim opera como root en el directorio spool (propiedad para un usuario no root), un atacante puede escribir ... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28008-SPDIR.txt • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28025 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28025
06 May 2021 — Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory. Exim 4 versiones anteriores a 4.94.2, permite una lectura fuera de límites porque pdkim_finish_bodyhash no comprueba la relación entre sig-)bodyhash.len y b-)bh.len; por lo tanto, un encabezado DKIM-Signature diseñado podría conllevar una filtración... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28025-BHASH.txt • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-28012 – Debian Security Advisory 4912-1
https://notcve.org/view.php?id=CVE-2020-28012
06 May 2021 — Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. Exim 4 versiones anteriores a 4.94.2 permite una Exposición del Descriptor de Archivo para una Esfera de Control No Prevista porque la función rda_interpret usa una tubería privilegiada que carece de un indicador de cierre en ejecución USN-4934-1 fixed several vulnerabilities in Exim. This update provides the corresponding update for Ubuntu 14.04 ... • https://www.exim.org/static/doc/security/CVE-2020-qualys/CVE-2020-28012-CLOSE.txt •