uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites,’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.


Trending CVEs for the Week of June 10th, 2019

CVE-2019-10149 – Remote Command Execution Flaw in Exim

The BlueKeep vulnerability is still the number one trending vulnerability on social media. This week, we will cover the runner-up, CVE-2019-10149. A critical vulnerability in Exim, the mail transfer agent (MTA) deployed on over half of all Internet-facing mail servers, may allow attackers to run commands as the “root” user.


A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Affected Products

Remote *Command* Execution vulnerability in versions 4.87 to 4.91 (inclusive).

Exploitation and Risk

Successful exploitation of this vulnerability will enable the attacker to perform command execution as root in the context of the mail server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


There is no good workaround at this time. NopSec suggests you patch it immediately.  



National Vulnerability Database


Schedule a Product Demo Today!

See how NopSec's end-to-end Cyber Exposure Management platform can organize your security chaos.