pkg:Debian/exim4
98 total CVEs: 33 critical, 30 high, 18 medium, 1 low (the remaining 16 carry no CVSS score)
All known vulnerabilities

Each row gives the severity and CVSS score, the CVE, its summary (truncated where the source truncates it) and the affected Debian package version range; the upper bound is the first Debian version carrying the fix. Rows with an empty CVE column record only a fixed Debian version.

| Severity | CVSS | CVE | Summary | Affected Debian versions |
|---|---|---|---|---|
| | | | | from 0, < 4.92-8+deb10u3 |
| | | | | from 0, < 4.92.2-3 |
| | | | | from 0, < 4.92~RC3-1 |
| | | | | from 0, < 4.89-2+deb9u4 |
| | | | | from 0, < 4.80-7+deb7u6 |
| | | | | from 0, < 4.90.1-1 |
| | | | | from 0, < 4.84.2-2+deb8u5 |
| | | | | from 0, < 4.70-1 |
| | | | | from 0, < 4.69-9+lenny1 |
| | | | | from 0, < 4.69-9+lenny3 |
| | | | | from 0, < 4.72-3 |
| CRITICAL | 9.8 | CVE-2026-45185 | Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. | from 0, < 4.94.2-7+deb11u5 |
| CRITICAL | 9.8 | CVE-2026-40685 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in… | from 0 |
| CRITICAL | 9.8 | CVE-2025-67896 | Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records… | from 0, < 4.99-7 |
| CRITICAL | 9.8 | CVE-2025-26794 | Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. | from 0, < 4.98-4 |
| CRITICAL | 9.8 | CVE-2023-42117 | Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. | from 0, < 4.94.2-7+deb11u4 |
| CRITICAL | 9.8 | CVE-2023-42116 | Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. | from 0, < 4.94.2-7+deb11u1 |
| | | | | from 0, < 4.94.2-7+deb11u1 |
| | | | | from 0, < 4.96-7 |
| | | | | from 0, < 4.92-8+deb10u7 |
| | | | | from 0, < 4.94.2-5 |
| CRITICAL | 9.8 | CVE-2020-28026 | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Not… | from 0, < 4.94.2-1 |
| CRITICAL | 9.8 | CVE-2020-28024 | Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smt… | from 0, < 4.94.2-1 |
| CRITICAL | 9.8 | CVE-2020-28022 | Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. | from 0, < 4.94.2-1 |
| CRITICAL | 9.8 | CVE-2020-28020 | Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by le… | from 0, < 4.92~RC5-1 |
| CRITICAL | 9.8 | CVE-2020-28018 | Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL. | from 0, < 4.94.2-1 |
| CRITICAL | 9.8 | CVE-2020-28017 | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipient… | from 0, < 4.94.2-1 |
| | | | | from 0, < 4.89-2+deb9u6 |
| | | | | from 0, < 4.84.2-2+deb8u6 |
| | | | | from 0, < 4.92.1-3 |
| | | | | from 0, < 4.89-2+deb9u5 |
| | | | | from 0, < 4.92-10 |
| | | | | from 0, < 4.89-2+deb9u2 |
| | | | | from 0, < 4.89-12 |
| CRITICAL | 9.1 | CVE-2026-40687 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write tha… | from 0 |
| | | | | from 0, < 4.94.2-1 |
| | | | | from 0, < 4.96-15+deb12u7 |
| | | | | from 0, < 4.96-15+deb12u7 |
| HIGH | 7.8 | CVE-2020-28016 | Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase. | from 0, < 4.94.2-1 |
| | | | | from 0, < 4.94.2-1 |
| HIGH | 7.8 | CVE-2020-28013 | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege es… | from 0, < 4.94.2-1 |
| HIGH | 7.8 | CVE-2020-28012 | Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lack… | from 0, < 4.94.2-1 |
| HIGH | 7.8 | CVE-2020-28011 | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. | from 0, < 4.94.2-1 |
| HIGH | 7.8 | CVE-2020-28010 | Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname… | from 0, < 4.94.2-1 |
| HIGH | 7.8 | CVE-2020-28009 | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbound… | from 0, < 4.94.2-1 |
| | | | | from 0, < 4.94.2-1 |
| | | | | from 0, < 4.89-2+deb9u8 |
| | | | | from 0, < 4.94.2-1 |
| | | | | from 0, < 4.92-8+deb10u6 |
| HIGH | 7.5 | CVE-2026-40684 | In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is pre… | from 0 |
| | | | | from 0, < 4.94.2-7+deb11u4 |
| HIGH | 7.5 | CVE-2022-37451 | Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | from 0, < 4.95-4 |
| | | | | from 0, < 4.94.2-7+deb11u4 |
| | | | | from 0, < 4.94.2-7+deb11u4 |
| HIGH | 7.5 | CVE-2020-28025 | Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len a… | from 0, < 4.94.2-1 |
| | | | | from 0, < 4.94.2-1 |
| HIGH | 7.5 | CVE-2020-28019 | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. | from 0, < 4.94.2-1 |
| | | | | from 0, < 4.84.2-2+deb8u7 |
| | | | | from 0, < 4.89-2+deb9u7 |
| | | | | from 0, < 4.93-16 |
| HIGH | 7.5 | CVE-2017-16944 | The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infini… | from 0, < 4.89-13 |
| | | | | from 0, < 4.86.2-1 |
| | | | | from 0, < 4.80-7+deb7u2 |
| | | | | from 0, < 4.94.2-1 |
| | | | | from 0, < 4.94.2-1 |
| | | | | from 0, < 4.80-7+deb7u4 |
| | | | | from 0, < 4.88~RC6-2 |
| | | | | from 0, < 4.84.2-2+deb8u2 |
| | | | | from 0, < 4.94.2-7+deb11u3 |
| | | | | from 0, < 4.94.2-7+deb11u3 |
| MEDIUM | 5.3 | CVE-2026-48840 | Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memo… | from 0 |
| MEDIUM | 5.3 | CVE-2026-40686 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malf… | from 0 |
| | | | | from 0, < 4.94.2-7+deb11u1 |
| | | | | from 0, < 4.92-8+deb10u8 |
| | | | | from 0, < 4.94.2-7+deb11u1 |
| | | | | from 0, < 4.92-8+deb10u9 |
| | | | | from 0, < 4.94.2-7+deb11u2 |
| | | | | from 0, < 4.94.2-7+deb11u2 |
| | | | | from 0, < 4.84.2-2+deb8u4 |
| | | | | from 0, < 4.89-3 |
| | | | | from 0, < 4.80-7+deb7u5 |
| | | | | from 0, < 4.94.2-7+deb11u4 |
| | — | CVE-2014-2972 | expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary comm… | from 0, < 4.82.1-2 |
| | — | CVE-2014-2957 | The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitra… | from 0, < 4.82.1-1 |
| | | | | from 0, < 4.80-5.1 |
| | | | | from 0, < 4.72-6+squeeze3 |
| | | | | from 0, < 4.75-3 |
| | | | | from 0, < 4.72-6+squeeze1 |
| | | | | from 0, < 4.76-1 |
| | | | | from 0, < 4.72-6+squeeze2 |
| | — | CVE-2011-0017 | The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which a… | from 0, < 4.72-4 |
| | — | CVE-2010-2024 | transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or cr… | from 0, < 4.72-1 |
| | — | CVE-2010-2023 | transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of… | from 0, < 4.72-1 |
| | — | CVE-2005-0022 | Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_s… | from 0, < 4.34-10 |
| | | | | from 0, < 4.34-10 |
| | | | | from 0, < 4.33-1 |
| | — | CVE-2004-0400 | Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a deni… | from 0, < 4.33-1 |
| | — | CVE-2002-1381 | Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitr… | from 0, < 4.11-0.0.1 |
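Deciding whether an installed exim4 is covered by the rows above means comparing Debian version strings correctly: `~` marks a pre-release (4.92~RC3-1 is older than 4.92-1), `+debNNuM` suffixes are the stable suites' security updates, and digit runs compare numerically (deb10u3 is older than deb10u10). It also means reading the ranges per suite. Debian backports fixes without bumping the upstream version, which is why the page lists 4.94.2-7+deb11u5 as the fix for a CVE whose upstream fix is 4.99.3; a plain compare of a bullseye version against a `< 4.99-7` row would flag it as vulnerable even when the suite's own update already carries the fix. The script below is an added example, not code from the tracker page or from the Exim or Debian projects. It reimplements dpkg's version-comparison algorithm in Python, takes a constructed installed version and a hand-copied subset of the rows above (the unbounded `from 0` rows are left out because they give nothing to compare against), and separates CVEs unfixed within the installed version's own suite from CVEs that only look unfixed because the listed fix belongs to another suite or to unstable. The function names, the sample version and the row subset are assumptions made for the example.

```python
"""Compare a Debian exim4 version against fixed-version ranges (added example).

The comparison follows dpkg's rules: epoch, then upstream, then revision;
within each part, '~' sorts before the empty string, letters sort before
other symbols, and digit runs compare numerically.
"""
import re


def _order(c: str) -> int:
    """dpkg's weight for one non-digit character ('' means end of string)."""
    if c == "":
        return 0
    if c == "~":
        return -1           # sorts before even end-of-string: 4.92~RC3 < 4.92
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256     # '+', '.', '-' ... sort after every letter


def _verrevcmp(a: str, b: str) -> int:
    """Compare one version part (upstream or revision) like dpkg's verrevcmp."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit prefixes: compare character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit runs: strip leading zeros, then longer run wins, else first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    def split(v: str):
        epoch = 0
        if ":" in v:
            e, v = v.split(":", 1)
            epoch = int(e)
        upstream, _, revision = v.rpartition("-")
        if not upstream:                     # no '-' at all: everything is upstream
            upstream, revision = revision, ""
        return epoch, upstream, revision

    ea, ua, ra = split(a)
    eb, ub, rb = split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return -1 if r < 0 else 1
    return 0


_SUITE_RE = re.compile(r"\+deb(\d+)u\d+$")


def suite_of(version: str):
    """'4.94.2-7+deb11u5' -> '11' (a stable-suite security update); None if unsuffixed."""
    m = _SUITE_RE.search(version)
    return m.group(1) if m else None


# Hand-copied subset of the page's rows as (CVE, first fixed Debian version).
FIXED_IN = [
    ("CVE-2026-45185", "4.94.2-7+deb11u5"),
    ("CVE-2025-67896", "4.99-7"),
    ("CVE-2025-26794", "4.98-4"),
    ("CVE-2023-42117", "4.94.2-7+deb11u4"),
    ("CVE-2023-42116", "4.94.2-7+deb11u1"),
    ("CVE-2022-37451", "4.95-4"),
    ("CVE-2020-28026", "4.94.2-1"),
]


def check(installed: str, fixed_in=FIXED_IN):
    """Return (confirmed, cross_suite): CVEs whose listed fix the installed version predates.

    'confirmed' rows carry the same suite suffix as the installed version (or
    none when the installed version has none), so the compare is meaningful.
    'cross_suite' rows list a fix from another suite or from unstable; Debian
    may have backported it under the installed suite's own +debNNuM series, so
    verify those against that suite's security tracker before alarming.
    """
    mine = suite_of(installed)
    confirmed, cross_suite = [], []
    for cve, fixed in fixed_in:
        if compare_versions(installed, fixed) >= 0:
            continue                         # installed is at or past the listed fix
        (confirmed if suite_of(fixed) == mine else cross_suite).append(cve)
    return confirmed, cross_suite


if __name__ == "__main__":
    # Constructed sample (a bullseye build); in practice read it with:
    #   dpkg-query -W -f='${Version}' exim4-base
    installed = "4.94.2-7+deb11u3"
    confirmed, cross_suite = check(installed)
    print("installed:", installed)
    print("unfixed in this suite:", confirmed)
    print("flagged only by cross-suite compare, verify manually:", cross_suite)
```

Feed it the real value from `dpkg-query -W -f='${Version}' exim4-base` in place of the sample. Anything in the second list is a prompt to consult the Debian security tracker for that suite, not an automatic finding: for the sample bullseye version, the `< 4.99-7`, `< 4.98-4` and `< 4.95-4` rows all land there.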