Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sa-exim Project Subscribe
Filtered by product Sa-exim
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19920 3 Canonical, Debian, Sa-exim Project 3 Ubuntu Linux, Debian Linux, Sa-exim 2022-12-14 9.0 HIGH 8.8 HIGH
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.