Exim

exim

Vendor: University Of Cambridge • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2005-0022 1University Of Cambridge 1Exim Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA auth...Show more Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.Show less
CVE-2005-0021 1University Of Cambridge 1Exim Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 7.2 HIGH· v2 Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overfl...Show more Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.Show less
CVE-2004-0400 1University Of Cambridge 1Exim Apr 16, 2026 Jul 7, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
CVE-2004-0399 1University Of Cambridge 1Exim Apr 16, 2026 Jul 7, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verific...Show more Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.Show less
CVE-2003-0743 1University Of Cambridge 1Exim Apr 16, 2026 Oct 20, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number...Show more Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.Show less
CVE-2002-1381 1University Of Cambridge 1Exim Apr 16, 2026 Dec 23, 2002 N/A· v4 N/A· v3 7.2 HIGH· v2 Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
CVE-2002-0274 1University Of Cambridge 1Exim Apr 16, 2026 May 31, 2002 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.
CVE-2001-0889 2Redhat University Of Cambridge 2Exim Linux Apr 16, 2026 Dec 19, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell meta...Show more Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.Show less
CVE-2001-0690 4Conectiva DebianRedhat+1 more 4Debian Linux EximLinux+1 more Apr 16, 2026 Sep 20, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
CVE-1999-0971 1University Of Cambridge 1Exim Apr 16, 2026 Jul 22, 1997 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.