返回 CVE 瀏覽器

CVE-2019-15846

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0470%

EPSS Percentile21.99th

Published2019年9月6日

Last Modified2024年11月21日

Vulnerability Description

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.

Affected Platforms (CPE)

📦

Exim

Exim

< 4.92.2

💻

Debian

Debian Linux

= 8.0

💻

Debian

Debian Linux

= 9.0

💻

Debian

Debian Linux

= 10.0

References & Advisories

🔗 http://exim.org/static/doc/security/CVE-2019-15846.txt

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00024.html

🔗 http://www.openwall.com/lists/oss-security/2019/09/06/2

🔗 http://www.openwall.com/lists/oss-security/2019/09/06/4

🔗 http://www.openwall.com/lists/oss-security/2019/09/06/5

🔗 http://www.openwall.com/lists/oss-security/2019/09/06/6

🔗 http://www.openwall.com/lists/oss-security/2019/09/06/8

🔗 http://www.openwall.com/lists/oss-security/2019/09/07/1

相關漏洞威脅

CVE-2019-101499.8

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function...

CVE-2019-139179.8

Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort }...

CVE-2019-169289.8

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer...

CVE-2020-260989.8

cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).