• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-787

CVE-2020-28013

February 26, 2023 by

Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles “-F ‘.(‘” on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.

CVE-2020-28016

February 26, 2023 by

Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because “-F ”” is mishandled by parse_fix_phrase.

CVE-2020-28022

February 26, 2023 by

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.

CVE-2020-28024

February 26, 2023 by

Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.

CVE-2020-28010

February 26, 2023 by

Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).

CVE-2020-28011

February 26, 2023 by

Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 250
  • Go to page 251
  • Go to page 252
  • Go to page 253
  • Go to page 254
  • Interim pages omitted …
  • Go to page 1186
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE