Lucene search
K

75 matches found

OSV
OSV
added 2026/06/10 12:22 p.m.14 views

USN-6455-2 exim4 regression

USN-6455-1 fixed vulnerabilities in Exim. The fix for CVE-2023-42117 introduced a regression on Ubuntu 22.04 LTS that resulted in certain connections logging a Taint mismatch error. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered tha...

9.8CVSS8.2AI score0.05673EPSS
Exploits0References2
Debian
Debian
added 2026/06/05 7:58 a.m.14 views

[SECURITY] [DLA 4615-1] exim4 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4615-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 05, 2026 https://wiki.debian.org/LTS -...

5.3CVSS5.3AI score0.00264EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2026/05/13 12:0 a.m.4 views

The vulnerability of the ungetc() function in the BDAT/CHUNKING component of the email server Exim, which allows a hacker to execute arbitrary code.

The vulnerability of the ungetc function in the BDAT/CHUNKING component of the email server Exim relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS7.8AI score0.01225EPSS
Exploits2References5Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/05/12 12:0 a.m.14 views

Debian dsa-6265 : exim4 - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6265 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6265-1 [email protected]...

9.8CVSS6.2AI score0.00373EPSS
Exploits0References11
Fedora
Fedora
added 2026/05/10 3:23 a.m.14 views

[SECURITY] Fedora 42 Update: exim-4.99.2-1.fc42

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/05 3:9 p.m.8 views

CVE-2026-40684

A flaw was found in Exim, specifically on systems utilizing musl libc. A remote attacker can exploit this vulnerability by providing malformed DNS data within PTR records. This can lead to the mail transfer agent MTA connection instance crashing, resulting in a Denial of Service DoS for affected...

7.5CVSS6AI score0.00362EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 12:0 a.m.21 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc (not glibc), a vulnerability can crash the connection instance when malformed DNS PTR data is present. The issue arises from a dn_expand octal printing oddity in the handling of PTR records, as described in multiple sources. Affected software/comp...

7.5CVSS5.2AI score0.00362EPSS
Exploits0References5Affected Software1
Redos
Redos
added 2026/03/10 12:0 a.m.7 views

ROS-20260310-73-0017

An Exim mail server vulnerability is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

9.8CVSS6.1AI score0.00411EPSS
Exploits0
Packet Storm
Packet Storm
added 2026/02/11 12:0 a.m.397 views

📄 Qualys Security Advisory - Exim 21Nails Advisory

Qualys audited central parts of the Exim mail server and discovered 21 vulnerabilities, with 11 being local vulnerabilities and 10 being remote vulnerabilities. This is older research from 2021 that was missing from the archive. Qualys Security Advisory 21Nails: Multiple vulnerabilities in Exim...

10CVSS5.6AI score0.99961EPSS
Exploits82
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.10 views

The vulnerability of the Exim mail server, related to the use of memory after it is freed, allows attackers to increase their privileges.

The vulnerability of the Exim mail server is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...

8.1CVSS7.5AI score0.00509EPSS
Exploits0References10Affected Software5
Redos
Redos
added 2025/04/17 12:0 a.m.8 views

ROS-20250417-07

Exim mail server vulnerability is related to memory usage after memory is freed. Exploitation of the vulnerability could allow an attacker to escalate his privileges...

8.1CVSS7AI score0.00509EPSS
Exploits0
Redos
Redos
added 2025/04/03 12:0 a.m.20 views

ROS-20250403-03

Vulnerability of SQLite hints and ETRN serialization functions of Exim mail server is related to failure to take measures to protect SQL query structure. SQL query structure protection. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sendi...

9.8CVSS7.7AI score0.75782EPSS
Exploits6
SUSE CVE
SUSE CVE
added 2025/03/27 12:13 a.m.5 views

SUSE CVE-2025-30232

A use-after-free in Exim 4.96 through 4.98.1 could allow users with command-line access to escalate privileges...

7.8CVSS7.2AI score0.00509EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/02/24 12:0 a.m.11 views

Vulnerabilities include SQLite hint functions and ETRN serialization of the Exim mail server, which allows attackers to cause service interruptions.

The vulnerabilities of SQLite’s hints and Exim mail server’s ETRN serialization are related to the lack of measures taken to protect the SQL query structure. Exploiting these vulnerabilities can allow a malicious actor to cause service failures by sending specially crafted SQL queries...

7.8CVSS7.8AI score0.75782EPSS
Exploits6References7Affected Software3
OSV
OSV
added 2025/02/21 1:15 p.m.3 views

DEBIAN-CVE-2025-26794

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...

9.8CVSS8.4AI score0.75782EPSS
Exploits6References1
Redos
Redos
added 2024/09/11 12:0 a.m.22 views

ROS-20240911-05

A vulnerability in the libspf2 library of the Exim mail server is related to an integer overflow resulting from the of SPF macros. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code...

8.8CVSS7.8AI score0.51474EPSS
Exploits0
Ubuntu
Ubuntu
added 2024/07/31 6:40 p.m.24 views

USN-6939-1: Exim vulnerability

Phillip Szelat discovered that Exim misparses multiline MIME header filenames. A remote attacker could use this issue to bypass a MIME filename extension-blocking protection mechanism and possibly deliver executable attachments to the mailboxes of end users...

5.4CVSS6.9AI score0.41225EPSS
Exploits5
Redos
Redos
added 2024/07/30 12:0 a.m.32 views

ROS-20240730-09

Vulnerability of NTLM New Technology LAN Manager protocol implementation in Exim mail server is related to operation exceeding buffer boundaries in memory when processing requests. Exploitation of the vulnerability could allow a remote intruder to gain unauthorized access to protected information...

5.3CVSS7.1AI score0.28084EPSS
Exploits0
Redos
Redos
added 2024/07/13 12:0 a.m.28 views

ROS-20240712-01

Vulnerability in Multiline RFC 2231 component of Exim mail server is related to incorrect analysis of the the multiline RFC 2231 header file name. Exploitation of the vulnerability could allow an attacker, acting remotely, to deliver executable attachments to end-user mailboxes...

5.4CVSS6.8AI score0.41225EPSS
Exploits5
The Hacker News
The Hacker News
added 2024/07/12 10:51 a.m.25 views

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim...

5.4CVSS7.3AI score0.41225EPSS
Exploits5
Rows per page
Query Builder