Exim

Exim

64 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2%
  • Veröffentlicht 10.08.2021 15:15:08
  • Zuletzt bearbeitet 03.11.2025 22:15:50

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

Exploit
  • EPSS 0.98%
  • Veröffentlicht 06.05.2021 13:15:12
  • Zuletzt bearbeitet 21.11.2024 05:57:36

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.

  • EPSS 36.65%
  • Veröffentlicht 06.05.2021 13:15:09
  • Zuletzt bearbeitet 21.11.2024 05:22:12

Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.

  • EPSS 9.25%
  • Veröffentlicht 06.05.2021 13:15:09
  • Zuletzt bearbeitet 21.11.2024 05:22:14

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unau...

  • EPSS 2.76%
  • Veröffentlicht 06.05.2021 13:15:09
  • Zuletzt bearbeitet 21.11.2024 05:22:13

Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process ...

  • EPSS 4.15%
  • Veröffentlicht 06.05.2021 13:15:09
  • Zuletzt bearbeitet 21.11.2024 05:22:13

Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such a...

  • EPSS 2.61%
  • Veröffentlicht 06.05.2021 13:15:09
  • Zuletzt bearbeitet 21.11.2024 05:22:13

Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.

  • EPSS 3.02%
  • Veröffentlicht 06.05.2021 13:15:09
  • Zuletzt bearbeitet 21.11.2024 05:22:13

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.

  • EPSS 4.14%
  • Veröffentlicht 06.05.2021 13:15:09
  • Zuletzt bearbeitet 21.11.2024 05:22:13

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.

  • EPSS 7.94%
  • Veröffentlicht 06.05.2021 13:15:09
  • Zuletzt bearbeitet 21.11.2024 05:22:13

Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.