Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2019-10149

CVE-2019-10149

CRITICAL9.8

A flaw was found in Exim versions 4

Published Jun 5, 2019

Modified 4 months ago

Details

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html

http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html

http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html

http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html

http://seclists.org/fulldisclosure/2019/Jun/16

http://www.openwall.com/lists/oss-security/2019/06/05/2

http://www.openwall.com/lists/oss-security/2019/06/05/3

http://www.openwall.com/lists/oss-security/2019/06/05/4

http://www.openwall.com/lists/oss-security/2019/06/06/1

http://www.openwall.com/lists/oss-security/2019/07/25/6

http://www.openwall.com/lists/oss-security/2019/07/25/7

http://www.openwall.com/lists/oss-security/2019/07/26/4

http://www.openwall.com/lists/oss-security/2021/05/04/7

http://www.securityfocus.com/bid/108679

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149

https://seclists.org/bugtraq/2019/Jun/5

https://security.gentoo.org/glsa/201906-01

https://usn.ubuntu.com/4010-1/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-10149

https://www.cve.org/CVERecord?id=CVE-2019-10149

https://www.debian.org/security/2019/dsa-4456

https://www.exim.org/static/doc/security/CVE-2019-10149.txt

CVSS Analysis

CVSS v3.1

9.8

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Injection

OS Command Injection

Ecosystems

Timeline

PublishedJun 5, 2019

ModifiedOct 21, 2025

CVE-2019-10149 | Mondoo Vulnerability Intelligence