33 matches found
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Exim vulnerabilities (USN-8228-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8228-1 advisory. It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possib...
CVE-2026-40687
CVE-2026-40687 affects Exim before 4.99.2. When the SPA authentication driver is used with an adversarial SPA resource, an out-of-bounds write can crash the connection instance, or erroneous data processing can divulge data from uninitialized heap memory. Connected sources consistently describe t...
CVE-2026-40687
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory...
EUVD-2026-26445
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory...
EUVD-2005-0023
Malware in sbrugna...
EUVD-2020-5068
Malware in sbrugna...
SUSE CVE-2005-0022
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication...
SUSE CVE-2020-12783
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c...
Debian DLA-2213-1 : exim4 security update
It was discovered that exim4, a mail transport agent, suffers from an authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default. For Debian 8 'Jessie', this problem has been fixed in version 4.84.2-2+deb8u7. We recommend that you...
Debian: Security Advisory (DLA-2213-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4687-1 : exim4 - security update
It was discovered that exim4, a mail transport agent, suffers from an authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
[SECURITY] [DSA 4687-1] exim4 security update
Debian Security Advisory DSA-4687-1 [email protected] https://www.debian.org/security/ Florian Weimer May 16, 2020 https://www.debian.org/security/faq -...
Exim <= 4.43 auth_spa_server() Remote PoC Exploit
No description provided by source. / ecl-eximspa.c Yuri Gushin [email protected] Howdy : This is pretty straightforward, an exploit for the recently discovered vulnerability in Exim's all versions prior to and including 4.43 SPA authentication code - spa_base64_to_bits will overflow a fixed-size...
Fedora Core 3 : exim-4.43-1.FC3.1 (2005-002)
This erratum fixes two relatively minor security issues which were discovered in Exim in the last few weeks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-0021 and CVE-2005-0022 to these, respectively. 1. The function host_aton can overflow a buffer...
Gentoo Security Advisory GLSA 200501-23 (exim)
The remote host is missing updates announced in advisory GLSA 200501-23. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200501-23 (exim)
The remote host is missing updates announced in advisory GLSA 200501-23. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
CVE-2005-0022
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication...
security flaw
Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication...