Lucene search
K

358 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in exim4

A vulnerability was discovered in Exim and has been classified as problematic. This issue affects certain aspects of the component Regex Handler’s processing. The vulnerability results in memory leaks after the component is freed from memory. The name of the patch is...

7.5CVSS6.2AI score0.03661EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed a heap-based buffer overflow in queuerun, through two sender options: -R and -S. This could lead to privilege escalation from exim to root...

7.8CVSS7.2AI score0.00393EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2026/06/10 12:22 p.m.11 views

USN-6455-2: Exim regression

USN-6455-1 fixed vulnerabilities in Exim. The fix for CVE-2023-42117 introduced a regression on Ubuntu 22.04 LTS that resulted in certain connections logging a Taint mismatch error. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered tha...

6AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.6 views

Astra Linux – Vulnerability in exim4

In Exim versions before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be a vulnerability where an out-of-bounds write could cause the connection instance to crash, or erroneous data processing could lead to data being leaked from uninitialized heap...

9.1CVSS5.9AI score0.00373EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.4 views

Astra Linux – Vulnerability in exim4

In Exim before 4.99.2, when utf8 operators are enabled, there is a potential for out-of-bounds reading if large UTF-8 trailing characters are present malformed UTF-8 header data. Information may be disclosed within an error message generated during the processing of an unrelated email message...

5.3CVSS6.2AI score0.00246EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.22 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Exim vulnerability (USN-8353-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8353-1 advisory. Warisjeet Singh discovered that Exim with SUPPORTPROXY enabled did not properly handle memory before SMTP authentication. A remote...

5.3CVSS5.6AI score0.00264EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 1:24 p.m.11 views

USN-8353-1 exim4 vulnerability

Warisjeet Singh discovered that Exim with SUPPORTPROXY enabled did not properly handle memory before SMTP authentication. A remote attacker could possibly use this issue to obtain sensitive information...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/01 1:24 p.m.15 views

USN-8353-1: Exim vulnerability

Warisjeet Singh discovered that Exim with SUPPORTPROXY enabled did not properly handle memory before SMTP authentication. A remote attacker could possibly use this issue to obtain sensitive information...

5.3CVSS5.8AI score0.00264EPSS
Exploits0
NVD
NVD
added 2026/05/30 2:16 a.m.16 views

CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

5.3CVSS0.00264EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/30 1:50 a.m.12 views

CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/30 1:50 a.m.14 views

EUVD-2026-33446

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/30 1:50 a.m.77 views

CVE-2026-48840

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client...

5.3CVSS0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44997

Name of the Vulnerable Software and Affected Versions Exim versions 4.88 through 4.99.3 Description In certain proxy configurations, the PROXY-protocol parser mishandles short payloads, resulting in a pre-authentication information disclosure. This issue allows the leakage of uninitialized stack...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References31
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in exim4

Exim 4.98 before 4.98.1 allowed remote SQL injection when SQLite hints and ETRN serialization were used. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...

9.8CVSS8.2AI score0.75782EPSS
Exploits6References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in exim4

Exim before version 4.95 has a heap-based buffer overflow for the alias list in hostnamelookup in host.c when senderhostname is set...

9.8CVSS8.6AI score0.0292EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkimfinishbodyhash does not validate the relationship between sig-bodyhash.len and b-bh.len; thus, a crafted DKIM-Signature header might lead to the leakage of sensitive information from process memory...

7.5CVSS7.6AI score0.02764EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 has an improper neutralization of line delimiters, which is relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can insert a new line into a spool header file, thereby indirectly allowing unauthenticated remote attackers...

9.8CVSS7.3AI score0.09251EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed out-of-bounds read vulnerabilities. The smtpsetupmsg function may disclose sensitive information from the process memory to an unauthenticated SMTP client...

7.5CVSS7.5AI score0.02606EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed Buffer Underwrite, which could allow unauthenticated remote attackers to execute arbitrary commands. This is because smtpungetc was only intended for pushing back characters, but it can actually be used to push back non-character error codes, such as EOF...

9.8CVSS8.2AI score0.04153EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed execution with unnecessary privileges. Since Exim operates as root in the log directory which is owned by a non-root user, a symlink or hard link attack could allow overwriting of critical root-owned files anywhere in the filesystem...

7.8CVSS7.5AI score0.00526EPSS
Exploits3References1
Rows per page
Query Builder