Lucene search
K

65 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:26 p.m.5 views

CVE-2020-28019

Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA...

7.5CVSS7.5AI score0.61061EPSS
Exploits1
OPENSUSE Linux
OPENSUSE Linux
added 2021/05/20 12:0 a.m.69 views

Security update for exim (critical)

openSUSE Security Update: Security update for exim Announcement ID: openSUSE-SU-2021:0754-1 Rating: critical References: 1079832 1171490 1171877 1173693 1185631 Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944 CVE-2018-6789 CVE-2019-16928 CVE-2020-12783 CVE-2020-28007 CVE-2020-280...

9.8CVSS8AI score0.82238EPSS
Exploits34References5
NVD
NVD
added 2021/05/06 1:15 p.m.23 views

CVE-2020-28017

Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receiveaddrecipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption...

9.8CVSS0.36071EPSS
Exploits1References1
NVD
NVD
added 2021/05/06 1:15 p.m.13 views

CVE-2020-28025

Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkimfinishbodyhash does not validate the relationship between sig-bodyhash.len and b-bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory...

7.5CVSS0.02712EPSS
Exploits1References1
NVD
NVD
added 2021/05/06 1:15 p.m.24 views

CVE-2020-28021

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

9CVSS0.0406EPSS
Exploits1References1
NVD
NVD
added 2021/05/06 1:15 p.m.15 views

CVE-2020-28023

Exim 4 before 4.94.2 allows Out-of-bounds Read. smtpsetupmsg may disclose sensitive information from process memory to an unauthenticated SMTP client...

7.5CVSS0.02556EPSS
Exploits1References1
NVD
NVD
added 2021/05/06 1:15 p.m.31 views

CVE-2020-28019

Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA...

7.5CVSS0.61061EPSS
Exploits1References1
NVD
NVD
added 2021/05/06 1:15 p.m.30 views

CVE-2020-28018

Exim 4 before 4.94.2 allows Use After Free in smtpreset in certain situations that may be common for builds with OpenSSL...

9.8CVSS0.55834EPSS
Exploits3References8
NVD
NVD
added 2021/05/06 1:15 p.m.19 views

CVE-2020-28011

Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queuerun via two sender options: -R and -S. This may cause privilege escalation from exim to root...

7.8CVSS0.00397EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 1:15 p.m.20 views

CVE-2020-28011

Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queuerun via two sender options: -R and -S. This may cause privilege escalation from exim to root...

7.8CVSS9.6AI score0.00397EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 1:15 p.m.30 views

CVE-2020-28016

Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parsefixphrase...

7.8CVSS6.8AI score0.00399EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 1:15 p.m.36 views

CVE-2020-28019

Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA...

7.5CVSS9.4AI score0.61061EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 1:15 p.m.18 views

CVE-2020-28013

Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.'" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy...

7.8CVSS9.7AI score0.00397EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 1:15 p.m.15 views

CVE-2020-28014

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten...

6.1CVSS9.3AI score0.00948EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 1:15 p.m.33 views

CVE-2020-28021

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

8.8CVSS9.6AI score0.0406EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 1:15 p.m.22 views

CVE-2020-28015

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...

7.8CVSS9.5AI score0.00379EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 1:15 p.m.23 views

CVE-2020-28012

Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rdainterpret uses a privileged pipe that lacks a close-on-exec flag...

7.8CVSS9.3AI score0.00399EPSS
Exploits1References1
OSV
OSV
added 2021/05/06 1:15 p.m.22 views

CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

9.8CVSS9.5AI score0.02959EPSS
Exploits1References1
Prion
Prion
added 2021/05/06 1:15 p.m.54 views

Input validation

Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA...

5CVSS8.4AI score0.61061EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/05/06 1:15 p.m.44 views

Command injection

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

9CVSS9.3AI score0.0406EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder