RSS   Vulnerabilities for 'EXIM'   RSS

2019-09-06
 
CVE-2019-15846

CWE-119
 

 
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

 
2019-07-25
 
CVE-2019-13917

CWE-19
 

 
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).

 
2019-06-05
 
CVE-2019-10149

CWE-20
 

 
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

 
2018-02-08
 
CVE-2018-6789

CWE-119
 

 
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.

 
2017-11-25
 
CVE-2017-16944

CWE-400
 

 
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.

 
 
CVE-2017-16943

CWE-416
 

 
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.

 
2017-06-19
 
CVE-2017-1000369

 

 
Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.

 
2017-02-01
 
CVE-2016-9963

 

 
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

 
2016-04-07
 
CVE-2016-1531

 

 
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.

 
2014-09-04
 
CVE-2014-2972

 

 
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

 


Copyright 2019, cxsecurity.com

 

Back to Top