27 matches found
Astra Linux - vulnerability in exim4
Exim 4 before 4.94.2 has an improper initialization issue that can lead to recursive stack consumption or other consequences. This occurs because the use of certain getc functions is handled incorrectly when a client uses BDAT instead of DATA...
Astra Linux - vulnerability in exim4
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days)...
EUVD-2026-26445
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory...
EUVD-2026-26443
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...
CVE-2025-67896
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation...
EUVD-2002-0271
Malware in sbrugna...
EUVD-2020-20498
Malware in sbrugna...
EUVD-2016-10748
Malware in sbrugna...
CVE-2020-28023
Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client...
CVE-2020-28022
Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...
[SECURITY] Fedora 41 Update: exim-4.98.2-1.fc41
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...
CVE-2025-30232
A use-after-free in Exim 4.96 through 4.98.1 could allow users with command-line access to escalate privileges...
Exim 4.98 < 4.98.1 SQLi Vulnerability
Exim is prone to an SQL injection (SQLi) vulnerability.
CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...
CVE-2025-26794
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...
CVE-2025-26794
Exim 4.98 is vulnerable to a remote SQL injection when using SQLite hints and ETRN serialization. The root cause is unsafely constructed SQL in hints DB, enabling injection via the ETRN path (ETRN #), potentially allowing data extraction and broader impact on databases accessible to the Exim proc...
Exim < 4.92.2 RCE
Binary data 701176.prm...
exim -- Privilege escalation via multiple memory leaks
Qualys reports: Exim supports the use of multiple "-p" command line arguments which are malloc'ed and never free'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has...