Lucene search
K

2186 matches found

CVE
CVE
added 2026/05/12 12:0 a.m.197 views

CVE-2026-45185

Exim (MTA) vulnerability CVE-2026-45185 is a use-after-free in the BDAT body parsing when using GnuTLS. Triggered by a TLS close_notify mid-body during a CHUNKING transfer followed by a final cleartext byte on the same TCP connection, it can cause heap corruption and potential arbitrary code exec...

9.8CVSS6.2AI score0.01225EPSS
Exploits2References8Affected Software1
Debian CVE
Debian CVE
added 2026/05/12 12:0 a.m.14 views

CVE-2026-45185

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS closenotify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to...

9.8CVSS6.2AI score0.01225EPSS
Exploits2
Fedora
Fedora
added 2026/05/10 3:23 a.m.14 views

[SECURITY] Fedora 42 Update: exim-4.99.2-1.fc42

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/05/10 3:5 a.m.20 views

[SECURITY] Fedora 43 Update: exim-4.99.2-1.fc43

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/05/10 2:55 a.m.17 views

[SECURITY] Fedora 44 Update: exim-4.99.2-1.fc44

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.15 views

Fedora 44 : exim (2026-7f7b8d957f)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7f7b8d957f advisory. This is new version of exim fixing some security bugs. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.12 views

Fedora 42 : exim (2026-fff37fe569)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-fff37fe569 advisory. This is new version of exim fixing some security bugs. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.13 views

Fedora 43 : exim (2026-c23e1d19d2)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c23e1d19d2 advisory. This is new version of exim fixing some security bugs. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/09 3:35 a.m.9 views

CLSA-2026-1778297730 exim: Fix of 2 CVEs

CVE-2026-40685: dewrap OOB read/write on trailing backslash in JSON header - CVE-2026-40687: SPA authenticator OOB read/write and base64 decode infoleak - Refresh Exim-Maintainers-Keyring.asc to verify the 4.99.x release tarball signature...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 11:40 a.m.9 views

CLSA-2026-1778147777 exim: Fix of CVE-2026-40685

CVE-2026-40685: fix OOB heap write in dewrap during JSON expansion...

9.8CVSS6AI score0.00321EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2026/05/08 11:40 a.m.18 views

exim: Fix of CVE-2026-40685

CVE-2026-40685: fix OOB heap write in dewrap during JSON expansion...

9.8CVSS6AI score0.00321EPSS
Exploits0
Packet Storm
Packet Storm
added 2026/05/08 12:0 a.m.139 views

📄 Exim 4.91 Remote Command Execution

Exim versions 4.87 through 4.91 improper recipient-address validation remote command execution exploit. Spawns a netcat shell on port 31415 as root, then connects to it Vulnerablity is within Exim 4.87-4.91 import subprocess import socket import os import time from subprocess import Popen, PIPE...

10CVSS7.6AI score0.99961EPSS
Exploits27
OSV
OSV
added 2026/05/07 5:4 p.m.14 views

CLSA-2026-1778173472 exim: Fix of 2 CVEs

CVE-2026-40685: fix heap corruption when expanding malformed JSON - CVE-2026-40687: fix heap buffer overflow and infoleak in SPA authenticator...

9.8CVSS6.2AI score0.00373EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/07 2:40 p.m.155 views

Exploit for OS Command Injection in Exim

No d...

10CVSS7.5AI score0.99961EPSS
Exploits27
OSV
OSV
added 2026/05/05 11:46 p.m.8 views

CLSA-2026-1778024757 exim: Fix of CVE-2026-40687

CVE-2026-40687: fix uninitialized buffer and out-of-bounds writes in SPA authenticator...

9.1CVSS6.1AI score0.00373EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2026/05/05 11:39 p.m.13 views

exim: Fix of CVE-2026-40687

CVE-2026-40687: fix uninitialized buffer and out-of-bounds writes in SPA authenticator...

9.1CVSS6.1AI score0.00373EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/05 3:9 p.m.8 views

CVE-2026-40685

A flaw was found in Exim. When JSON lookup is enabled, a remote attacker can send specially crafted malformed JSON in an untrusted header, leading to an out-of-bounds heap write. This issue, caused by an incorrect implementation of backslash skipping, can result in a denial of service...

9.8CVSS6AI score0.00321EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/05 3:9 p.m.11 views

CVE-2026-40687

A flaw was found in Exim. When the Secure Password Authentication SPA driver processes input from a malicious SPA resource, it can lead to an out-of-bounds write, causing the connection to crash and resulting in a Denial of Service DoS. This vulnerability also allows for the disclosure of sensiti...

9.1CVSS5.9AI score0.00373EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/05 3:9 p.m.8 views

CVE-2026-40684

A flaw was found in Exim, specifically on systems utilizing musl libc. A remote attacker can exploit this vulnerability by providing malformed DNS data within PTR records. This can lead to the mail transfer agent MTA connection instance crashing, resulting in a Denial of Service DoS for affected...

7.5CVSS6AI score0.00362EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Exim vulnerabilities (USN-8228-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8228-1 advisory. It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possib...

9.8CVSS6.3AI score0.00373EPSS
Exploits0References4
Rows per page
Query Builder