University of Cambridge Exim 4.94.2

CPE Details

University of Cambridge Exim 4.94.2
exim
exim
4.94.2
2021-05-06
12h09 +00:00
2021-05-28
18h24 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:exim:exim:4.94.2:*:*:*:*:*:*:*

Informations

Vendor

exim

Product

exim

Version

4.94.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-51766 2023-12-23 23h00 +00:00 Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not.
5.3
Medium
CVE-2022-3559 2022-10-17 00h00 +00:00 A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.
7.5
High
CVE-2022-37452 2022-08-07 15h06 +00:00 Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.
9.8
Critical
CVE-2022-37451 2022-08-06 15h02 +00:00 Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.
7.5
High
CVE-2021-38371 2021-08-10 12h06 +00:00 The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.