48 matches found
CVE-2026-40684
A flaw was found in Exim, specifically on systems utilizing musl libc. A remote attacker can exploit this vulnerability by providing malformed DNS data within PTR records. This can lead to the mail transfer agent (MTA) connection instance crashing, resulting in a Denial of Service (DoS) for affected...
CVE-2026-40684
In Exim before 4.99.2, on systems using musl libc (not glibc), a vulnerability can crash the connection instance when malformed DNS PTR data is present. The issue arises from a dn_expand octal printing oddity in the handling of PTR records, as described in multiple sources. Affected software/comp...
ROS-20260310-73-0017
An Exim mail server vulnerability is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Qualys Security Advisory - Exim 21Nails Advisory
Qualys audited central parts of the Exim mail server and discovered 21 vulnerabilities, with 11 being local vulnerabilities and 10 being remote vulnerabilities. This is older research from 2021 that was missing from the archive. Qualys Security Advisory 21Nails: Multiple vulnerabilities in Exim...
The vulnerability of the Exim mail server, related to the use of memory after it is freed, allows attackers to increase their privileges.
The vulnerability of the Exim mail server is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
ROS-20250417-07
Exim mail server vulnerability is related to memory usage after memory is freed. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
ROS-20250403-03
A vulnerability in the SQLite hints and ETRN serialization functions of the Exim mail server is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sendi...
SUSE CVE-2025-30232
A use-after-free in Exim 4.96 through 4.98.1 could allow users with command-line access to escalate privileges...
Vulnerabilities include SQLite hint functions and ETRN serialization of the Exim mail server, which allows attackers to cause service interruptions.
The vulnerabilities of SQLite’s hints and Exim mail server’s ETRN serialization are related to the lack of measures taken to protect the SQL query structure. Exploiting these vulnerabilities can allow a malicious actor to cause service failures by sending specially crafted SQL queries...
DEBIAN-CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...
ROS-20240911-05
A vulnerability in the libspf2 library of the Exim mail server is related to an integer overflow resulting from the of SPF macros. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240730-09
A vulnerability in the NTLM (New Technology LAN Manager) protocol implementation in the Exim mail server is related to operations exceeding buffer boundaries in memory when processing requests. Exploitation of the vulnerability could allow a remote intruder to gain unauthorized access to protected information...
ROS-20240712-01
A vulnerability in the multiline RFC 2231 component of the Exim mail server is related to incorrect analysis of the multiline RFC 2231 header file name. Exploitation of the vulnerability could allow an attacker, acting remotely, to deliver executable attachments to end-user mailboxes...
Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim...
ROS-20240408-20
A vulnerability in the SMTP service of the Exim mail server is related to the injection of email messages with a spoofed MAIL FROM address, which allows bypassing the SPF protection mechanism. Exploitation of the...
ROS-20240408-21
A vulnerability in the SMTP service of the Exim mail server is related to the injection of email messages with a spoofed MAIL FROM address, which allows bypassing the SPF protection mechanism. Exploitation of the...
USN-6611-1 exim4 vulnerability
It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism...
The vulnerability of the SMTP mail server service in Exim allows a hacker to execute arbitrary code.
The vulnerability of the Exim mail server’s SMTP service relates to the ability to write data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting the AUTHOR command remotely...
The vulnerability of the Exim SMTP mail server allows a hacker to execute arbitrary code.
The vulnerability of the Exim mail server’s SMTP service is related to the execution of operations beyond the buffer boundaries in memory, as a result of incorrect processing of special elements. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the NTLM (New Technology LAN Manager) protocol implemented by the Exim mail server allows a hacker to gain unauthorized access to protected information.
The vulnerability of the NTLM (New Technology LAN Manager) protocol implemented by the Exim mail server is related to the occurrence of operations outside the buffer in memory during request processing. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized acce...