CVE-2022-37451

Exim before 4.96 has an invalid free in pamconverse in auths/callpam.c because storefree is not used after storemalloc...

Unspecified Vulnerability in Exim

Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. Exim has a security vulnerability. An attacker can exploit the vulnerability by authenticating a remote SMTP client to insert line breaks into a fake offline file via AUTH= in th...

Unspecified Vulnerability in Exim (CNVD-2021-34533)

Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. A security vulnerability exists in Exim. The vulnerability stems from the fact that recipient addresses can have newline characters, which can be exploited by a local attacker to...

CVE-2020-28007

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory owned by a non-root user, a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem...

CVE-2002-0274

Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C configuration file and other command line arguments...