Filtered by vendor Exim
Subscribe
Total
48 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-2024 | 1 Exim | 1 Exim | 2018-10-10 | 4.4 MEDIUM | N/A |
transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/. | |||||
CVE-2016-1531 | 1 Exim | 1 Exim | 2017-09-07 | 6.9 MEDIUM | 7.0 HIGH |
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. | |||||
CVE-2012-5671 | 1 Exim | 1 Exim | 2017-08-28 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server. | |||||
CVE-2011-0017 | 1 Exim | 1 Exim | 2017-08-16 | 6.9 MEDIUM | N/A |
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack. | |||||
CVE-2016-9963 | 3 Canonical, Debian, Exim | 3 Ubuntu Linux, Debian Linux, Exim | 2017-02-15 | 2.6 LOW | 5.9 MEDIUM |
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. | |||||
CVE-2014-2972 | 1 Exim | 1 Exim | 2016-12-02 | 4.6 MEDIUM | N/A |
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. | |||||
CVE-2011-1764 | 1 Exim | 1 Exim | 2014-02-20 | 7.5 HIGH | N/A |
Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character. | |||||
CVE-2011-1407 | 1 Exim | 1 Exim | 2011-09-06 | 7.5 HIGH | N/A |
The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity. |