Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
CVSS Score
7.0
EPSS Score
0.001
Published
2025-12-14
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-03-28
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
CVSS Score
5.4
EPSS Score
0.635
Published
2024-07-04