Exim

Exim

63 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-42117

  • EPSS 7.35%
  • Veröffentlicht 03.05.2024 03:15:50
  • Zuletzt bearbeitet 03.11.2025 22:16:26

Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability...

9.8

CVE-2023-42116

  • EPSS 6.73%
  • Veröffentlicht 03.05.2024 03:15:50
  • Zuletzt bearbeitet 04.11.2025 20:16:48

Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability....

9.8

CVE-2023-42115

  • EPSS 70.69%
  • Veröffentlicht 03.05.2024 03:15:50
  • Zuletzt bearbeitet 07.08.2025 18:04:28

Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific fl...

5.3

CVE-2023-42114

  • EPSS 13.9%
  • Veröffentlicht 03.05.2024 03:15:49
  • Zuletzt bearbeitet 04.11.2025 20:16:48

Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability....

5.3

CVE-2023-51766

Exploit
  • EPSS 1.64%
  • Veröffentlicht 24.12.2023 06:15:07
  • Zuletzt bearbeitet 04.11.2025 19:16:21

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mecha...

9.8

CVE-2022-3620

  • EPSS 1.23%
  • Veröffentlicht 20.10.2022 20:15:09
  • Zuletzt bearbeitet 23.05.2025 18:29:51

A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The ...

7.5

CVE-2022-3559

  • EPSS 0.47%
  • Veröffentlicht 17.10.2022 18:15:12
  • Zuletzt bearbeitet 03.11.2025 22:16:00

A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. I...

9.8

CVE-2022-37452

Exploit
  • EPSS 4.7%
  • Veröffentlicht 07.08.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:15:00

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.

7.5

CVE-2022-37451

Exploit
  • EPSS 6.07%
  • Veröffentlicht 06.08.2022 18:15:08
  • Zuletzt bearbeitet 21.11.2024 07:15:00

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

7.5

CVE-2021-38371

  • EPSS 2.21%
  • Veröffentlicht 10.08.2021 15:15:08
  • Zuletzt bearbeitet 03.11.2025 22:15:50

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.