University of Cambridge Exim 3.11

CPE Details

University of Cambridge Exim 3.11
exim
exim
3.11
2010-12-14
17h12 +00:00
2010-12-14
18h41 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:*

Informations

Vendor

exim

Product

exim

Version

3.11

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-51766 2023-12-23
23h00 +00:00		 Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not.
5.3
Medium
CVE-2022-37452 2022-08-07
15h06 +00:00		 Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
9.8
Critical
CVE-2022-37451 2022-08-06
15h02 +00:00		 Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
7.5
High
CVE-2021-38371 2021-08-10
12h06 +00:00		 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
7.5
High
CVE-2021-27216 2021-05-06
02h44 +00:00		 Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.
6.3
Medium
CVE-2020-28017 2021-05-06
01h55 +00:00		 Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
9.8
Critical
CVE-2020-12783 2020-05-11
11h51 +00:00		 Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
7.5
High
CVE-2020-8015 2020-04-02
07h55 +00:00		 A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
8.4
High
CVE-2019-15846 2019-09-06
08h15 +00:00		 Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
9.8
Critical
CVE-2018-6789 2018-02-08
23h00 +00:00		 An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.
9.8
Critical
CVE-2017-1000369 2017-06-19
14h00 +00:00		 Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
4
Medium
CVE-2016-9963 2017-02-01
14h00 +00:00		 Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
5.9
Medium
CVE-2016-1531 2016-04-07
21h00 +00:00		 Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
7
High
CVE-2014-2957 2014-09-04
15h00 +00:00		 The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
6.8
CVE-2014-2972 2014-09-04
15h00 +00:00		 expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
4.6
CVE-2011-1764 2011-10-04
23h00 +00:00		 Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
7.5
CVE-2011-0017 2011-02-01
23h00 +00:00		 The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
6.9
CVE-2010-4344 2010-12-14
15h00 +00:00		 Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
9.8
Critical
CVE-2010-4345 2010-12-14
15h00 +00:00		 Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
7.8
High
CVE-2010-2023 2010-06-07
12h00 +00:00		 transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
4.4
CVE-2010-2024 2010-06-07
12h00 +00:00		 transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
4.4