from 0, < 4.92-8+deb10u3
from 0, < 4.92.2-3
CRITICAL 9.8 ⚠ KEV exim4 - security update
from 0, < 4.92~RC3-1
CRITICAL 9.8 ⚠ KEV exim4 - security update
from 0, < 4.89-2+deb9u4
CRITICAL 9.8 ⚠ KEV exim4 - security update
from 0, < 4.80-7+deb7u6
CRITICAL 9.8 ⚠ KEV exim4 - security update
from 0, < 4.90.1-1
CRITICAL 9.8 ⚠ KEV exim4 - security update
from 0, < 4.84.2-2+deb8u5
CRITICAL 9.8 ⚠ KEV exim4 - remote code execution
from 0, < 4.70-1
CRITICAL 9.8 ⚠ KEV exim4 - remote code execution
from 0, < 4.69-9+lenny1
HIGH 7.8 ⚠ KEV exim4 - privilege escalation
from 0, < 4.69-9+lenny3
HIGH 7.8 ⚠ KEV exim4 - privilege escalation
from 0, < 4.72-3
CRITICAL 9.8 Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path.
from 0, < 4.94.2-7+deb11u5
CRITICAL 9.8 In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in…
from 0
CRITICAL 9.8 Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records…
from 0, < 4.99-7
CRITICAL 9.8 Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
from 0, < 4.98-4
CRITICAL 9.8 Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability.
from 0, < 4.94.2-7+deb11u4
CRITICAL 9.8 Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability.
from 0, < 4.94.2-7+deb11u1
CRITICAL 9.8 Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability.
from 0, < 4.94.2-7+deb11u1
CRITICAL 9.8 A vulnerability was found in Exim and classified as problematic.
from 0, < 4.96-7
CRITICAL 9.8 exim4 - security update
from 0, < 4.92-8+deb10u7
CRITICAL 9.8 exim4 - security update
from 0, < 4.94.2-5
CRITICAL 9.8 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Not…
from 0, < 4.94.2-1
CRITICAL 9.8 Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smt…
from 0, < 4.94.2-1
CRITICAL 9.8 Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer.
from 0, < 4.94.2-1
CRITICAL 9.8 Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by le…
from 0, < 4.92~RC5-1
CRITICAL 9.8 Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
from 0, < 4.94.2-1
CRITICAL 9.8 Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipient…
from 0, < 4.94.2-1
CRITICAL 9.8 exim4 - security update
from 0, < 4.89-2+deb9u6
CRITICAL 9.8 exim4 - security update
from 0, < 4.84.2-2+deb8u6
CRITICAL 9.8 exim4 - security update
from 0, < 4.92.1-3
CRITICAL 9.8 exim4 - security update
from 0, < 4.89-2+deb9u5
CRITICAL 9.8 exim4 - security update
from 0, < 4.92-10
CRITICAL 9.8 exim4 - security update
from 0, < 4.89-2+deb9u2
CRITICAL 9.8 exim4 - security update
from 0, < 4.89-12
CRITICAL 9.1 In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write tha…
from 0
HIGH 8.8 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters.
from 0, < 4.94.2-1
HIGH 7.8 exim4 - security update
from 0, < 4.96-15+deb12u7
HIGH 7.8 exim4 - security update
from 0, < 4.96-15+deb12u7
HIGH 7.8 Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.
from 0, < 4.94.2-1
HIGH 7.8 Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters.
from 0, < 4.94.2-1
HIGH 7.8 Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege es…
from 0, < 4.94.2-1
HIGH 7.8 Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lack…
from 0, < 4.94.2-1
HIGH 7.8 Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S.
from 0, < 4.94.2-1
HIGH 7.8 Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname…
from 0, < 4.94.2-1
HIGH 7.8 Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbound…
from 0, < 4.94.2-1
HIGH 7.8 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges.
from 0, < 4.94.2-1
HIGH 7.8 exim4 - security update
from 0, < 4.89-2+deb9u8
HIGH 7.8 exim4 - security update
from 0, < 4.94.2-1
HIGH 7.8 exim4 - security update
from 0, < 4.92-8+deb10u6
HIGH 7.5 In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is pre…
from 0
HIGH 7.5 A vulnerability was found in Exim and classified as problematic.
from 0, < 4.94.2-7+deb11u4
HIGH 7.5 Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
from 0, < 4.95-4
HIGH 7.5 exim4 - security update
from 0, < 4.94.2-7+deb11u4
HIGH 7.5 exim4 - security update
from 0, < 4.94.2-7+deb11u4
HIGH 7.5 Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len a…
from 0, < 4.94.2-1
HIGH 7.5 Exim 4 before 4.94.2 allows Out-of-bounds Read.
from 0, < 4.94.2-1
HIGH 7.5 Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences.
from 0, < 4.94.2-1
HIGH 7.5 exim4 - security update
from 0, < 4.84.2-2+deb8u7
HIGH 7.5 exim4 - security update
from 0, < 4.89-2+deb9u7
HIGH 7.5 exim4 - security update
from 0, < 4.93-16
HIGH 7.5 The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infini…
from 0, < 4.89-13
HIGH 7.0 exim4 - security update
from 0, < 4.86.2-1
HIGH 7.0 exim4 - security update
from 0, < 4.80-7+deb7u2
MEDIUM 6.3 Exim 4 before 4.94.2 has Execution with Unnecessary Privileges.
from 0, < 4.94.2-1
MEDIUM 6.1 Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges.
from 0, < 4.94.2-1
MEDIUM 5.9 exim4 - security update
from 0, < 4.80-7+deb7u4
MEDIUM 5.9 exim4 - security update
from 0, < 4.88~RC6-2
MEDIUM 5.9 exim4 - security update
from 0, < 4.84.2-2+deb8u2
MEDIUM 5.4 exim4 - security update
from 0, < 4.94.2-7+deb11u3
MEDIUM 5.4 exim4 - security update
from 0, < 4.94.2-7+deb11u3
MEDIUM 5.3 Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memo…
from 0
MEDIUM 5.3 In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malf…
from 0
MEDIUM 5.3 exim4 - security update
from 0, < 4.94.2-7+deb11u1
MEDIUM 5.3 exim4 - security update
from 0, < 4.92-8+deb10u8
MEDIUM 5.3 exim4 - security update
from 0, < 4.94.2-7+deb11u1
MEDIUM 5.3 exim4 - security update
from 0, < 4.92-8+deb10u9
MEDIUM 5.3 exim4 - security update
from 0, < 4.94.2-7+deb11u2
MEDIUM 5.3 exim4 - security update
from 0, < 4.94.2-7+deb11u2
MEDIUM 4.0 exim4 - security update
from 0, < 4.84.2-2+deb8u4
MEDIUM 4.0 exim4 - security update
from 0, < 4.89-3
MEDIUM 4.0 exim4 - security update
from 0, < 4.80-7+deb7u5
LOW 3.1 Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability.
from 0, < 4.94.2-7+deb11u4
— expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary comm…
from 0, < 4.82.1-2
— The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitra…
from 0, < 4.82.1-1
— exim4 - heap overflow
from 0, < 4.80-5.1
— exim4 - heap overflow
from 0, < 4.72-6+squeeze3
— exim4 - format string vulnerability
from 0, < 4.75-3
— exim4 - format string vulnerability
from 0, < 4.72-6+squeeze1
— exim4 - command injection
from 0, < 4.76-1
— exim4 - command injection
from 0, < 4.72-6+squeeze2
— The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which a…
from 0, < 4.72-4
— transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or cr…
from 0, < 4.72-1
— transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of…
from 0, < 4.72-1
— Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_s…
from 0, < 4.34-10
— exim-tls - buffer overflow
from 0, < 4.34-10
— exim-tls - buffer overflow
from 0, < 4.33-1
— Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a deni…
from 0, < 4.33-1
— Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitr…
from 0, < 4.11-0.0.1