Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.
CVSS Score
5.9
EPSS Score
0.017
Published
2017-02-01
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
CVSS Score
7.0
EPSS Score
0.568
Published
2016-04-07
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
CVSS Score
6.8
EPSS Score
0.018
Published
2014-09-04
expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.
CVSS Score
4.6
EPSS Score
0.002
Published
2014-09-04
Page 5