13 matches found
[SECURITY] Fedora 40 Update: exim-4.98.1-1.fc40
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
Linux Distros Unpatched Vulnerability : CVE-2018-6789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This...
CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...
PT-2025-7615
Name of the Vulnerable Software and Affected Versions: Exim versions 4.98 through 4.98.0 Description: The issue allows remote SQL injection when SQLite hints and ETRN serialization are used. This could potentially allow a remote attacker to perform SQL injection, possibly stealing sensitive data or...
SUSE CVE-2017-16944
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...
PT-2022-5379
Name of the Vulnerable Software and Affected Versions: Exim (affected versions not specified) Description: The issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. This is related to a use after free condition, which can be exploited by a remote attacker t...
OPENSUSE-SU-2019:2093-1 Security update for exim
exim was updated to fix a security issue: - CVE-2019-15846: Fixed a buffer overflow in SMTP Delivery process where a remote attacker could execute code with root privileges by sending crafted SNI data (boo#1149182)...
CVE-2011-1407
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity...
CVE-2010-4345
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive...
CVE-2010-2023
transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file...
Debian DSA-502-1 : exim-tls - buffer overflow
Georgi Guninski discovered two stack-based buffer overflows in exim and exim-tls. They cannot be exploited with the default configuration from the Debian system, though. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update : -...
CVE-2004-0400
Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check...
[SECURITY] [DSA 097-1] New versions of Exim fix uncontrolled program execution
Debian Security Advisory DSA 097-1 [email protected] http://www.debian.org/security/ Martin Schulze January 3rd, 2002 Package : exim...