Exim

58 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.08%
  • Published 14.12.2025 04:00:24
  • Last modified 22.12.2025 19:15:45

Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.

  • EPSS 0.03%
  • Published 27.03.2025 00:00:00
  • Last modified 30.09.2025 21:52:55

A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.

  • EPSS 72.09%
  • Published 21.02.2025 13:15:11
  • Last modified 18.12.2025 19:16:22

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)

Exploit
  • EPSS 63.53%
  • Published 04.07.2024 15:15:10
  • Last modified 10.07.2025 22:15:25

Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.

  • EPSS 0.73%
  • Published 03.05.2024 03:15:50
  • Last modified 03.11.2025 22:16:26

Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability...

  • EPSS 7.35%
  • Published 03.05.2024 03:15:50
  • Last modified 03.11.2025 22:16:26

Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability...

  • EPSS 6.73%
  • Published 03.05.2024 03:15:50
  • Last modified 04.11.2025 20:16:48

Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability....

  • EPSS 72.9%
  • Published 03.05.2024 03:15:50
  • Last modified 07.08.2025 18:04:28

Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific fl...

  • EPSS 13.9%
  • Published 03.05.2024 03:15:49
  • Last modified 04.11.2025 20:16:48

Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability....

Exploit
  • EPSS 1.64%
  • Published 24.12.2023 06:15:07
  • Last modified 04.11.2025 19:16:21

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mecha...