Vulnerabilities (CVE)

Filtered by vendor Sa-exim Project Subscribe
Filtered by product Sa-exim
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19920 3 Canonical, Debian, Sa-exim Project 3 Ubuntu Linux, Debian Linux, Sa-exim 2024-11-21 9.0 HIGH 8.8 HIGH
sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.