2186 matches found
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 has an improper restriction on write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 has an improper initialization issue that can lead to recursive stack consumption or other consequences. This occurs because the use of certain getc functions is handled incorrectly when a client uses BDAT instead of DATA...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed Use After Free in smtpreset in certain situations that might be common in builds using OpenSSL...
Astra Linux – Vulnerability in exim4
Exim 4.98 before 4.98.1 allowed remote SQL injection when SQLite hints and ETRN serialization were used. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 has an improper neutralization of line delimiters, which is relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can insert a new line into a spool header file, thereby indirectly allowing unauthenticated remote attackers...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow, because getstdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: Exploitation may be impractical due to the execution time required to cause an overflow multiple days...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed Buffer Underwrite, which could allow unauthenticated remote attackers to execute arbitrary commands. This is because smtpungetc was only intended for pushing back characters, but it can actually be used to push back non-character error codes, such as EOF...
Astra Linux – Vulnerability in exim4
Exim before version 4.95 has a heap-based buffer overflow for the alias list in hostnamelookup in host.c when senderhostname is set...
Astra Linux – Vulnerability in exim4
A vulnerability was discovered in Exim and has been classified as problematic. This issue affects certain aspects of the component Regex Handler’s processing. The vulnerability results in memory leaks after the component is freed from memory. The name of the patch is...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allows out-of-bounds write-ups, because the main function, while having setuid root, copies the current working directory pathname into a buffer that is too small on some common platforms...
Astra Linux – Vulnerability in exim4
Exim version 4.93 has a buffer overflow issue in the SPA authenticator, which could lead to bypassing SPA/NTLM authentication in the files auths/spa.c and auths/auth-spa.c...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkimfinishbodyhash does not validate the relationship between sig-bodyhash.len and b-bh.len; thus, a crafted DKIM-Signature header might lead to the leakage of sensitive information from process memory...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed out-of-bounds read vulnerabilities. The smtpsetupmsg function may disclose sensitive information from the process memory to an unauthenticated SMTP client...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 has an improper neutralization of line delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via the AUTH= parameter in the MAIL FROM command...
Astra Linux – Vulnerability in exim4
Exim 4 before 4.94.2 allowed a heap-based buffer overflow in the queuerun function, through two sender options: -R and -S. This could lead to privilege escalation from the exim user to the root user...
Linux Distros Unpatched Vulnerability : CVE-2026-45185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends...
Exploit for CVE-2026-45185
CVE-2026-45185 Nuclei Template Validation Lab This repository...
The Machine Found It First. The Machine Will Exploit It Next.
& For decades, the question behind every CVE has been "who found it, and how fast can attackers catch up?" As of May 12, 2026, the question has flipped. Machines found the bug. Machines will weaponize the next one. The race is no longer human-versus-human with a stopwatch. Discovery Discovery...
The vulnerability was exploited in Exim.
The developers of Exim introduced a vulnerability in the Exim Mail Transfer Agent versions prior to 4.99.3. This vulnerability involves a use-after-free in the BDAT body parsing process, specifically when certain GnuTLS backend configurations are used. An unauthorized attacker can exploit this...
CLSA-2026-1778690918 exim: Fix of CVE-2026-40686
CVE-2026-40686: out-of-bounds read in the GETUTF8INC macro in src/expand.c when processing malformed UTF-8 in expansion operators with utf8 enabled, potentially disclosing heap data via SMTP rejection messages...