Exim Security Vulnerabilities (CVEs)

Track 18 security vulnerabilities affecting Exim products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

7 Critical
10 High
1 Medium
CVE-2025-67896 7.0

A heap-based buffer overflow vulnerability in Exim mail servers with certain non-default rate-limit configurations allows remote attackers to potentia...

Dec 14, 2025
CVE-2025-30232 8.1

A use-after-free vulnerability in Exim versions 4.96 through 4.98.1 allows users with command-line access to escalate privileges. This affects systems...

Mar 28, 2025
CVE-2025-26794 7.5

Exim mail servers running versions 4.98 before 4.98.1 with SQLite hints and ETRN serialization enabled are vulnerable to remote SQL injection attacks....

Feb 21, 2025
CVE-2024-39929 5.4

This vulnerability in Exim mail servers allows attackers to bypass filename extension filtering by using specially crafted multiline RFC 2231 headers....

Jul 4, 2024
CVE-2023-42115 9.8

CVE-2023-42115 is a critical out-of-bounds write vulnerability in Exim's SMTP service that allows unauthenticated remote attackers to execute arbitrar...

May 3, 2024
CVE-2023-42117 9.8

This is a critical remote code execution vulnerability in Exim mail servers that allows unauthenticated attackers to execute arbitrary code by sending...

May 3, 2024
CVE-2021-38371 7.5

This vulnerability in Exim's STARTTLS implementation allows attackers to inject malicious responses during SMTP communication by exploiting buffering ...

Aug 10, 2021
CVE-2020-28007 7.8

CVE-2020-28007 is a privilege escalation vulnerability in Exim mail servers where an attacker can create symbolic or hard links in the log directory t...

May 6, 2021
CVE-2020-28009 7.8

CVE-2020-28009 is an integer overflow vulnerability in Exim mail transfer agent versions before 4.94.2. It allows remote attackers to cause buffer ove...

May 6, 2021
CVE-2020-28011 7.8

CVE-2020-28011 is a heap-based buffer overflow vulnerability in Exim mail transfer agent versions before 4.94.2. Attackers can exploit this via the -R...

May 6, 2021
CVE-2020-28013 7.8

CVE-2020-28013 is a heap-based buffer overflow vulnerability in Exim mail transfer agent versions before 4.94.2. It allows local privilege escalation ...

May 6, 2021
CVE-2020-28015 7.8

CVE-2020-28015 is a vulnerability in Exim mail transfer agent where local users can inject newline characters into recipient addresses, potentially al...

May 6, 2021
CVE-2020-28017 9.8

CVE-2020-28017 is an integer overflow vulnerability in Exim mail transfer agent that can lead to buffer overflow when processing emails with an excess...

May 6, 2021
CVE-2020-28019 7.5

This vulnerability in Exim mail servers allows remote attackers to cause a denial of service through stack consumption via specially crafted BDAT comm...

May 6, 2021
CVE-2020-28020 9.8

CVE-2020-28020 is an integer overflow vulnerability in Exim mail transfer agent that leads to buffer overflow, allowing unauthenticated remote attacke...

May 6, 2021
CVE-2020-28022 9.8

CVE-2020-28022 is a critical heap-based buffer overflow vulnerability in Exim mail servers that allows remote attackers to execute arbitrary code by s...

May 6, 2021
CVE-2020-28024 9.8

CVE-2020-28024 is a critical buffer underwrite vulnerability in Exim mail servers that allows unauthenticated remote attackers to execute arbitrary co...

May 6, 2021
CVE-2020-28026 9.8

CVE-2020-28026 is a critical vulnerability in Exim mail servers that allows unauthenticated remote attackers to execute arbitrary commands as root whe...

May 6, 2021

Why Monitor Exim Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 18+ known vulnerabilities affecting Exim products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Exim packages in under 60 seconds. No agents are required: scanning is completely agentless and works across Exim deployments.

Free vulnerability database: Access detailed information about every Exim CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Exim CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions