| Max CVSS | 6.9 | Min CVSS | 4.4 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2010-4345 | 6.9 |
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory direct
|
16-07-2024 - 17:57 | 14-12-2010 - 16:00 | |
| CVE-2010-2024 | 4.4 |
transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lock
|
10-10-2018 - 19:58 | 07-06-2010 - 17:12 | |
| CVE-2010-2023 | 4.4 |
transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a
|
10-10-2018 - 19:58 | 07-06-2010 - 17:12 | |
| CVE-2011-0017 | 6.9 |
The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
|
17-08-2017 - 01:33 | 02-02-2011 - 01:00 |