Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 62 results


CVE-2022-37452

Medium priority
Fixed

Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.

1 affected packages

exim4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exim4 Not affected Fixed Fixed Fixed
Show less packages

CVE-2022-37451

Medium priority
Not affected

Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.

1 affected packages

exim4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exim4 Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-38371

Low priority

Some fixes available 4 of 6

The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.

1 affected packages

exim4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exim4 Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-27216

Medium priority
Fixed

Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.

1 affected packages

exim4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exim4 Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-28026

Medium priority
Fixed

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and...

1 affected packages

exim4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exim4 Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-28025

Medium priority
Fixed

Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive...

1 affected packages

exim4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exim4 Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-28024

Medium priority
Fixed

Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back...

1 affected packages

exim4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exim4 Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-28023

Medium priority
Fixed

Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.

1 affected packages

exim4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exim4 Fixed Fixed Fixed Not affected
Show less packages

CVE-2020-28022

Medium priority
Fixed

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.

1 affected packages

exim4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exim4 Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-28021

Medium priority
Fixed

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL...

1 affected packages

exim4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
exim4 Fixed Fixed Fixed Fixed
Show less packages