Vulnerabilities in Exim
16 results

CVE-2019-10149 - CRITICAL - EPSS 100.0% - KEV
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/d

CVE-2025-26794 - HIGH - EPSS 75.8%
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires a

CVE-2023-42118 - HIGH - EPSS 51.5%
Exim libspf2 Integer Underflow Remote Code Execution Vulnerability

CVE-2023-42114 - LOW - EPSS 28.1%
Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability

CVE-2023-42115 - CRITICAL - EPSS 10.0%
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability

CVE-2023-42117 - HIGH - EPSS 5.7%
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability

CVE-2023-42116 - HIGH - EPSS 3.2%
Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2023-42119 - LOW - EPSS 1.6%
Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability

CVE-2026-45185 - CRITICAL - EPSS 1.2%
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered

CVE-2025-30232 - HIGH - EPSS 0.5%
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.

CVE-2025-67896 - HIGH - EPSS 0.4%
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records

CVE-2026-40687 - MEDIUM - EPSS 0.4%
In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that

CVE-2026-40684 - MEDIUM - EPSS 0.4%
In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is pres

CVE-2026-40685 - MEDIUM - EPSS 0.3%
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in

CVE-2026-48840 - MEDIUM - EPSS 0.3%
Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memor

CVE-2026-40686 - LOW - EPSS 0.2%
In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malfo