Exim

Exim

63 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2017-1000369

  • EPSS 0.41%
  • Veröffentlicht 19.06.2017 16:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note...

5.9

CVE-2016-9963

  • EPSS 1.88%
  • Veröffentlicht 01.02.2017 15:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

7

CVE-2016-1531

Exploit
  • EPSS 56.77%
  • Veröffentlicht 07.04.2016 23:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.

4.6

CVE-2014-2972

  • EPSS 0.21%
  • Veröffentlicht 04.09.2014 17:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

6.8

CVE-2014-2957

  • EPSS 1.82%
  • Veröffentlicht 04.09.2014 17:55:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

6.8

CVE-2012-5671

  • EPSS 31.64%
  • Veröffentlicht 31.10.2012 16:55:06
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers t...

7.5

CVE-2011-1764

  • EPSS 4.72%
  • Veröffentlicht 05.10.2011 02:56:24
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM...

7.5

CVE-2011-1407

  • EPSS 0.55%
  • Veröffentlicht 16.05.2011 18:55:00
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.

6.9

CVE-2011-0017

  • EPSS 0.12%
  • Veröffentlicht 02.02.2011 01:00:06
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

7.8

CVE-2010-4345

Warnung Medienbericht
  • EPSS 6.51%
  • Veröffentlicht 14.12.2010 16:00:04
  • Zuletzt bearbeitet 21.04.2026 20:30:40

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory direct...