Bugs fixes in "exim4"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2026-40687 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes | 2026-05-04 |
| CVE | CVE-2026-40686 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF- | 2026-05-04 |
| CVE | CVE-2026-40685 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrus | 2026-05-04 |
| CVE | CVE-2026-4068 | The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is | 2026-05-04 |
| CVE | CVE-2026-40687 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes | 2026-05-04 |
| CVE | CVE-2026-40686 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF- | 2026-05-04 |
| CVE | CVE-2026-40685 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrus | 2026-05-04 |
| CVE | CVE-2026-4068 | The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is | 2026-05-04 |
| CVE | CVE-2026-40687 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes | 2026-05-04 |
| CVE | CVE-2026-40686 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF- | 2026-05-04 |
| CVE | CVE-2026-40685 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrus | 2026-05-04 |
| CVE | CVE-2026-4068 | The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is | 2026-05-04 |
| CVE | CVE-2026-40687 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes | 2026-05-04 |
| CVE | CVE-2026-40686 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF- | 2026-05-04 |
| CVE | CVE-2026-40685 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrus | 2026-05-04 |
| CVE | CVE-2026-4068 | The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is | 2026-05-04 |
| CVE | CVE-2026-40687 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes | 2026-05-04 |
| CVE | CVE-2026-40686 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF- | 2026-05-04 |
| CVE | CVE-2026-40685 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrus | 2026-05-04 |
| CVE | CVE-2026-4068 | The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is | 2026-05-04 |
About
-
Send Feedback to @ubuntu_updates
