Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.
CVSS Score
9.8
EPSS Score
0.089
Published
2021-05-06
Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.
CVSS Score
7.5
EPSS Score
0.024
Published
2020-05-11
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
CVSS Score
8.4
EPSS Score
0.001
Published
2020-04-02
CVE-2019-16928
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
Known exploited
CVSS Score
9.8
EPSS Score
0.875
Published
2019-09-27
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
CVSS Score
9.8
EPSS Score
0.628
Published
2019-09-06
Page 4