| 0 |
| url |
VCID-11f7-csrn-8qca |
| vulnerability_id |
VCID-11f7-csrn-8qca |
| summary |
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2024-39929
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
4.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-11f7-csrn-8qca |
|
| 1 |
| url |
VCID-187h-k5te-7fay |
| vulnerability_id |
VCID-187h-k5te-7fay |
| summary |
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account.
. Was ZDI-CAN-17643. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-42119
|
| risk_score |
1.4 |
| exploitability |
0.5 |
| weighted_severity |
2.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-187h-k5te-7fay |
|
| 2 |
| url |
VCID-1ez7-f2qd-e7b6 |
| vulnerability_id |
VCID-1ez7-f2qd-e7b6 |
| summary |
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
https://usn.ubuntu.com/4010-1/ |
| reference_id |
4010-1 |
| reference_type |
|
| scores |
| 0 |
| value |
9 |
| scoring_system |
cvssv3 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
|
| 1 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/ |
|
|
| url |
https://usn.ubuntu.com/4010-1/ |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-10149
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1ez7-f2qd-e7b6 |
|
| 3 |
| url |
VCID-1ftq-tne2-1bc1 |
| vulnerability_id |
VCID-1ftq-tne2-1bc1 |
| summary |
Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account.
. Was ZDI-CAN-17433. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-42114
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1ftq-tne2-1bc1 |
|
| 4 |
|
| 5 |
|
| 6 |
| url |
VCID-2sqq-jsr5-n3aw |
| vulnerability_id |
VCID-2sqq-jsr5-n3aw |
| summary |
An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://usn.ubuntu.com/3565-1/ |
| reference_id |
3565-1 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/ |
|
|
| url |
https://usn.ubuntu.com/3565-1/ |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-6789
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2sqq-jsr5-n3aw |
|
| 7 |
|
| 8 |
| url |
VCID-42eh-c97t-2beg |
| vulnerability_id |
VCID-42eh-c97t-2beg |
| summary |
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://vuldb.com/?id.211073 |
| reference_id |
?id.211073 |
| reference_type |
|
| scores |
| 0 |
| value |
4.6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/ |
|
|
| url |
https://vuldb.com/?id.211073 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-3559
|
| risk_score |
2.0 |
| exploitability |
0.5 |
| weighted_severity |
4.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-42eh-c97t-2beg |
|
| 9 |
|
| 10 |
|
| 11 |
| url |
VCID-5cbh-nmrw-hkc6 |
| vulnerability_id |
VCID-5cbh-nmrw-hkc6 |
| summary |
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2005-0022
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5cbh-nmrw-hkc6 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| url |
VCID-93x9-7cp1-s3d3 |
| vulnerability_id |
VCID-93x9-7cp1-s3d3 |
| summary |
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-40685
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-93x9-7cp1-s3d3 |
|
| 21 |
|
| 22 |
| url |
VCID-ba64-2f17-57g5 |
| vulnerability_id |
VCID-ba64-2f17-57g5 |
| summary |
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2005-0021
|
| risk_score |
null |
| exploitability |
2.0 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ba64-2f17-57g5 |
|
| 23 |
| url |
VCID-bbpw-c7nq-1kgx |
| vulnerability_id |
VCID-bbpw-c7nq-1kgx |
| summary |
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-4345
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bbpw-c7nq-1kgx |
|
| 24 |
|
| 25 |
|
| 26 |
| url |
VCID-czkm-mkwx-wbcm |
| vulnerability_id |
VCID-czkm-mkwx-wbcm |
| summary |
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.
. Was ZDI-CAN-17515. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-42116
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-czkm-mkwx-wbcm |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
| url |
VCID-esn3-rb5p-qqeb |
| vulnerability_id |
VCID-esn3-rb5p-qqeb |
| summary |
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2002-1381
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-esn3-rb5p-qqeb |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
| url |
VCID-hhte-snaq-ruh5 |
| vulnerability_id |
VCID-hhte-snaq-ruh5 |
| summary |
In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-40686
|
| risk_score |
1.6 |
| exploitability |
0.5 |
| weighted_severity |
3.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hhte-snaq-ruh5 |
|
| 36 |
|
| 37 |
|
| 38 |
| url |
VCID-knvr-uzut-wkhd |
| vulnerability_id |
VCID-knvr-uzut-wkhd |
| summary |
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.) |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://exim.org |
| reference_id |
exim.org |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/ |
|
|
| url |
https://exim.org |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
|
| aliases |
CVE-2025-26794
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-knvr-uzut-wkhd |
|
| 39 |
|
| 40 |
|
| 41 |
| url |
VCID-p1b8-8hf7-jugt |
| vulnerability_id |
VCID-p1b8-8hf7-jugt |
| summary |
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
| reference_url |
https://usn.ubuntu.com/4141-1/ |
| reference_id |
4141-1 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/ |
|
|
| url |
https://usn.ubuntu.com/4141-1/ |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-16928
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p1b8-8hf7-jugt |
|
| 42 |
| url |
VCID-p1c3-vexn-pqdc |
| vulnerability_id |
VCID-p1c3-vexn-pqdc |
| summary |
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.
. Was ZDI-CAN-17434. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-42115
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p1c3-vexn-pqdc |
|
| 43 |
|
| 44 |
| url |
VCID-pvvh-j2qs-2fg5 |
| vulnerability_id |
VCID-pvvh-j2qs-2fg5 |
| summary |
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2014-2957
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pvvh-j2qs-2fg5 |
|
| 45 |
| url |
VCID-q5we-p3d3-xuf3 |
| vulnerability_id |
VCID-q5we-p3d3-xuf3 |
| summary |
Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2004-0400
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q5we-p3d3-xuf3 |
|
| 46 |
|
| 47 |
|
| 48 |
|
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
|
| 53 |
| url |
VCID-syut-2gvg-jqer |
| vulnerability_id |
VCID-syut-2gvg-jqer |
| summary |
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-40687
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-syut-2gvg-jqer |
|
| 54 |
|
| 55 |
| url |
VCID-ufwa-bnb1-67b7 |
| vulnerability_id |
VCID-ufwa-bnb1-67b7 |
| summary |
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211919. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://vuldb.com/?id.211919 |
| reference_id |
?id.211919 |
| reference_type |
|
| scores |
| 0 |
| value |
5.6 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:15Z/ |
|
|
| url |
https://vuldb.com/?id.211919 |
|
| 6 |
|
|
| fixed_packages |
|
| aliases |
CVE-2022-3620
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ufwa-bnb1-67b7 |
|
| 56 |
|
| 57 |
|
| 58 |
| url |
VCID-v4en-4atd-1qex |
| vulnerability_id |
VCID-v4en-4atd-1qex |
| summary |
Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2004-0399
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-v4en-4atd-1qex |
|
| 59 |
|
| 60 |
| url |
VCID-w86m-chaw-13bw |
| vulnerability_id |
VCID-w86m-chaw-13bw |
| summary |
In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-40684
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w86m-chaw-13bw |
|
| 61 |
|
| 62 |
| url |
VCID-x2um-ftjf-vfec |
| vulnerability_id |
VCID-x2um-ftjf-vfec |
| summary |
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
| reference_url |
http://www.osvdb.org/69685 |
| reference_id |
69685 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ |
|
|
| url |
http://www.osvdb.org/69685 |
|
| 23 |
|
| 24 |
|
| 25 |
| reference_url |
ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70 |
| reference_id |
ChangeLog-4.70 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ |
|
|
| url |
ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
|
| 40 |
|
| 41 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-4344
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x2um-ftjf-vfec |
|
| 63 |
| url |
VCID-x2y8-pxnp-zfgv |
| vulnerability_id |
VCID-x2y8-pxnp-zfgv |
| summary |
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-67896
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x2y8-pxnp-zfgv |
|
| 64 |
| url |
VCID-x6nj-yg7f-uqce |
| vulnerability_id |
VCID-x6nj-yg7f-uqce |
| summary |
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-42117
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x6nj-yg7f-uqce |
|
| 65 |
|
| 66 |
|
| 67 |
| url |
VCID-yqdx-ec3r-gbe1 |
| vulnerability_id |
VCID-yqdx-ec3r-gbe1 |
| summary |
A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-53881
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yqdx-ec3r-gbe1 |
|
| 68 |
|