Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
CVSS Score
7.5
EPSS Score
0.061
Published
2022-08-06
The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
CVSS Score
7.5
EPSS Score
0.022
Published
2021-08-10
Page 2