7 matches found
Fedora 44 : exim (2026-78bf093219)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-78bf093219 advisory. This is an update fixing a pre-authentication information disclosure CVE-2026-48840. Tenable has extracted the preceding description block directly from the...
Fedora 43 : exim (2026-71b1e9b455)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-71b1e9b455 advisory. This is an update fixing a pre-authentication information disclosure CVE-2026-48840. Tenable has extracted the preceding description block directly from the...
Debian dla-4615 : exim4 - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4615 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4615-1 [email protected] https://www.debian.org/lts/security/...
CVE-2026-48840
A flaw was found in Exim. In certain proxy configurations, Exim mishandles short data payloads. This can lead to the disclosure of uninitialized stack memory values to a remote client, potentially exposing sensitive information...
[BSA-135] Security Update for exim4
Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2026-48840 PROXYv2 parser: reject PROXY frames whose declared payload length is too short for the claimed address family 12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21. Previously a frame with...
CVE-2026-48840
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...
Linux Distros Unpatched Vulnerability : CVE-2026-48840
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...