Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/39416?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "exim4", "version": "4.99.4-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46550?format=api", "vulnerability_id": "VCID-11f7-csrn-8qca", "summary": "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39929.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39929.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.6031", "scoring_system": "epss", "scoring_elements": "0.98318", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.6031", "scoring_system": "epss", "scoring_elements": "0.98319", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.6031", "scoring_system": "epss", "scoring_elements": "0.98313", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39929" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075785", "reference_id": "1075785", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075785" }, { "reference_url": "https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b", "reference_id": "1b3209b0577a9327ebb076f3b32b8a159c253f7b", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/" } ], "url": "https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295819", "reference_id": "2295819", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295819" }, { "reference_url": "https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357", "reference_id": "6ce5c70cff8989418e05d01fd2a57703007a6357", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/" } ], "url": "https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357" }, { "reference_url": "https://github.com/Exim/exim/compare/exim-4.98-RC2...exim-4.98-RC3", "reference_id": "exim-4.98-RC2...exim-4.98-RC3", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/" } ], "url": "https://github.com/Exim/exim/compare/exim-4.98-RC2...exim-4.98-RC3" }, { "reference_url": "https://www.rfc-editor.org/rfc/rfc2231.txt", "reference_id": "rfc2231.txt", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/" } ], "url": "https://www.rfc-editor.org/rfc/rfc2231.txt" }, { "reference_url": "https://bugs.exim.org/show_bug.cgi?id=3099#c4", "reference_id": "show_bug.cgi?id=3099#c4", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/" } ], "url": "https://bugs.exim.org/show_bug.cgi?id=3099#c4" }, { "reference_url": "https://usn.ubuntu.com/6939-1/", "reference_id": "USN-6939-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6939-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39532?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39533?format=api", "purl": "pkg:deb/debian/exim4@4.98~RC3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98~RC3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-39929" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11f7-csrn-8qca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135528?format=api", "vulnerability_id": "VCID-187h-k5te-7fay", "summary": "Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account.\n. Was ZDI-CAN-17643.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42119.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42119.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.73151", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.73228", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.73243", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00731", "scoring_system": "epss", "scoring_elements": "0.73242", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42119", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241542", "reference_id": "2241542", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241542" }, { "reference_url": "https://security.gentoo.org/glsa/202402-18", "reference_id": "GLSA-202402-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-18" }, { "reference_url": "https://usn.ubuntu.com/6455-1/", "reference_id": "USN-6455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6455-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1473/", "reference_id": "ZDI-23-1473", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T16:29:47Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1473/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39498?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39521?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39523?format=api", "purl": "pkg:deb/debian/exim4@4.97~RC2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97~RC2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-42119" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-187h-k5te-7fay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/161758?format=api", "vulnerability_id": "VCID-1ez7-f2qd-e7b6", "summary": "A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10149.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10149.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10149", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93918", "scoring_system": "epss", "scoring_elements": "0.99887", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10149" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10149", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10149" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/06/06/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/06/06/1" }, { "reference_url": "http://www.securityfocus.com/bid/108679", "reference_id": "108679", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://www.securityfocus.com/bid/108679" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Jun/16", "reference_id": "16", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://seclists.org/fulldisclosure/2019/Jun/16" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715237", "reference_id": "1715237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715237" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/06/05/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/06/05/2" }, { "reference_url": "https://security.gentoo.org/glsa/201906-01", "reference_id": "201906-01", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "https://security.gentoo.org/glsa/201906-01" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/06/05/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/06/05/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/06/05/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/06/05/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/07/26/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/07/26/4" }, { "reference_url": "https://usn.ubuntu.com/4010-1/", "reference_id": "4010-1", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "https://usn.ubuntu.com/4010-1/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Jun/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "https://seclists.org/bugtraq/2019/Jun/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/07/25/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/07/25/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/07/25/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/07/25/7" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/04/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7" }, { "reference_url": "https://security.archlinux.org/AVG-982", "reference_id": "AVG-982", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-982" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46996.sh", "reference_id": "CVE-2019-10149", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46996.sh" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/47307.rb", "reference_id": "CVE-2019-10149", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/47307.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46974.txt", "reference_id": "CVE-2019-10149", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46974.txt" }, { "reference_url": "https://lwn.net/Articles/790553/", "reference_id": "CVE-2019-10149", "reference_type": "exploit", "scores": [], "url": "https://lwn.net/Articles/790553/" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb", "reference_id": "CVE-2019-10149", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb" }, { "reference_url": "https://www.exim.org/static/doc/security/CVE-2019-10149.txt", "reference_id": "CVE-2019-10149.txt", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "https://www.exim.org/static/doc/security/CVE-2019-10149.txt" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4456", "reference_id": "dsa-4456", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4456" }, { "reference_url": "http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html", "reference_id": "Exim-4.91-Local-Privilege-Escalation.html", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html" }, { "reference_url": "http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html", "reference_id": "Exim-4.91-Local-Privilege-Escalation.html", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html" }, { "reference_url": "http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html", "reference_id": "Exim-4.9.1-Remote-Command-Execution.html", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html", "reference_id": "msg00020.html", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149", "reference_id": "show_bug.cgi?id=CVE-2019-10149", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39462?format=api", "purl": "pkg:deb/debian/exim4@4.92~RC3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.92~RC3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-10149" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ez7-f2qd-e7b6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135468?format=api", "vulnerability_id": "VCID-1ftq-tne2-1bc1", "summary": "Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account.\n. Was ZDI-CAN-17433.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42114.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42114.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42114", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13895", "scoring_system": "epss", "scoring_elements": "0.94474", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.13895", "scoring_system": "epss", "scoring_elements": "0.94493", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.13895", "scoring_system": "epss", "scoring_elements": "0.94499", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.13895", "scoring_system": "epss", "scoring_elements": "0.945", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241538", "reference_id": "2241538", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241538" }, { "reference_url": "https://security.gentoo.org/glsa/202402-18", "reference_id": "GLSA-202402-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-18" }, { "reference_url": "https://usn.ubuntu.com/6411-1/", "reference_id": "USN-6411-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6411-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1468/", "reference_id": "ZDI-23-1468", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T17:07:34Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1468/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39511?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39510?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39513?format=api", "purl": "pkg:deb/debian/exim4@4.97~RC1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97~RC1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-42114" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ftq-tne2-1bc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179654?format=api", "vulnerability_id": "VCID-1k38-97z2-cfcb", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0426", "scoring_system": "epss", "scoring_elements": "0.8906", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0426", "scoring_system": "epss", "scoring_elements": "0.89098", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0426", "scoring_system": "epss", "scoring_elements": "0.89106", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0426", "scoring_system": "epss", "scoring_elements": "0.89105", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28026" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28026" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1k38-97z2-cfcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179652?format=api", "vulnerability_id": "VCID-1r5f-rbf8-xygu", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05505", "scoring_system": "epss", "scoring_elements": "0.90438", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05505", "scoring_system": "epss", "scoring_elements": "0.90469", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.05505", "scoring_system": "epss", "scoring_elements": "0.90477", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28024" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1r5f-rbf8-xygu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/159608?format=api", "vulnerability_id": "VCID-2sqq-jsr5-n3aw", "summary": "An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6789.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6789.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86592", "scoring_system": "epss", "scoring_elements": "0.99439", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.86592", "scoring_system": "epss", "scoring_elements": "0.9944", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.86592", "scoring_system": "epss", "scoring_elements": "0.99441", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-6789" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789" }, { "reference_url": "http://www.securityfocus.com/bid/103049", "reference_id": "103049", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "http://www.securityfocus.com/bid/103049" }, { "reference_url": "http://www.securitytracker.com/id/1040461", "reference_id": "1040461", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "http://www.securitytracker.com/id/1040461" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543268", "reference_id": "1543268", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1543268" }, { "reference_url": "http://openwall.com/lists/oss-security/2018/02/10/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "http://openwall.com/lists/oss-security/2018/02/10/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2018/02/07/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2018/02/07/2" }, { "reference_url": "https://usn.ubuntu.com/3565-1/", "reference_id": "3565-1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "https://usn.ubuntu.com/3565-1/" }, { "reference_url": "https://www.exploit-db.com/exploits/44571/", "reference_id": "44571", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "https://www.exploit-db.com/exploits/44571/" }, { "reference_url": "https://www.exploit-db.com/exploits/45671/", "reference_id": "45671", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "https://www.exploit-db.com/exploits/45671/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890000", "reference_id": "890000", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890000" }, { "reference_url": "https://security.archlinux.org/ASA-201802-6", "reference_id": "ASA-201802-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201802-6" }, { "reference_url": "https://security.archlinux.org/AVG-608", "reference_id": "AVG-608", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-608" }, { "reference_url": "https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1", "reference_id": "cf3cd306062a08969c41a1cdd32c6855f1abecf1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/44571.py", "reference_id": "CVE-2018-6789", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/44571.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45671.py", "reference_id": "CVE-2018-6789", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45671.py" }, { "reference_url": "https://medium.com/@straightblast426/my-poc-walk-through-for-cve-2018-6789-2e402e4ff588", "reference_id": "CVE-2018-6789", "reference_type": "exploit", "scores": [], "url": "https://medium.com/@straightblast426/my-poc-walk-through-for-cve-2018-6789-2e402e4ff588" }, { "reference_url": "https://exim.org/static/doc/security/CVE-2018-6789.txt", "reference_id": "CVE-2018-6789.txt", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "https://exim.org/static/doc/security/CVE-2018-6789.txt" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4110", "reference_id": "dsa-4110", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "https://www.debian.org/security/2018/dsa-4110" }, { "reference_url": "http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html", "reference_id": "Exim-base64d-Buffer-Overflow.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html" }, { "reference_url": "https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/", "reference_id": "exim-off-by-one-RCE-exploiting-CVE-2018-6789-en", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/" }, { "reference_url": "https://security.gentoo.org/glsa/201803-01", "reference_id": "GLSA-201803-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-01" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html", "reference_id": "msg00009.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39459?format=api", "purl": "pkg:deb/debian/exim4@4.90.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.90.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-6789" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2sqq-jsr5-n3aw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179647?format=api", "vulnerability_id": "VCID-34uj-w2cc-m3ab", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.81961", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.82021", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.8203", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.82022", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28019" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-34uj-w2cc-m3ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174583?format=api", "vulnerability_id": "VCID-42eh-c97t-2beg", "summary": "A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64882", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64991", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64995", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64983", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3559" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3559", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3559" }, { "reference_url": "https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2", "reference_id": "4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/" } ], "url": "https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/", "reference_id": "EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/" }, { "reference_url": "https://vuldb.com/?id.211073", "reference_id": "?id.211073", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/" } ], "url": "https://vuldb.com/?id.211073" }, { "reference_url": "https://bugs.exim.org/show_bug.cgi?id=2915", "reference_id": "show_bug.cgi?id=2915", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/" } ], "url": "https://bugs.exim.org/show_bug.cgi?id=2915" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/", "reference_id": "TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/" }, { "reference_url": "https://usn.ubuntu.com/5741-1/", "reference_id": "USN-5741-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5741-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/", "reference_id": "WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39498?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39499?format=api", "purl": "pkg:deb/debian/exim4@4.96-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-3559" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42eh-c97t-2beg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181550?format=api", "vulnerability_id": "VCID-4469-xgah-yyag", "summary": "Multiple vulnerabilities were found in Exim, the worst of which\n leading to remote execution of arbitrary code with root privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1407.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1407.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1407", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68552", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68642", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.68655", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00554", "scoring_system": "epss", "scoring_elements": "0.6865", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1407" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1407", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1407" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=705446", "reference_id": "705446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705446" }, { "reference_url": "https://security.gentoo.org/glsa/201401-32", "reference_id": "GLSA-201401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-32" }, { "reference_url": "https://usn.ubuntu.com/1135-1/", "reference_id": "USN-1135-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1135-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39433?format=api", "purl": "pkg:deb/debian/exim4@4.76-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.76-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1407" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4469-xgah-yyag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29332?format=api", "vulnerability_id": "VCID-51c2-u6by-mbez", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28552", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28748", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30335", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30352", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45185" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45185", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45185" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/05/12/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/05/12/4" }, { "reference_url": "https://exim.org/static/doc/security/CVE-2026-45185.txt", "reference_id": "CVE-2026-45185.txt", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/" } ], "url": "https://exim.org/static/doc/security/CVE-2026-45185.txt" }, { "reference_url": "https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim", "reference_id": "dead-letter-cve-2026-45185-xbow-found-rce-exim", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/" } ], "url": "https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim" }, { "reference_url": "https://exim.org", "reference_id": "exim.org", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/" } ], "url": "https://exim.org" }, { "reference_url": "https://code.exim.org/exim/wiki/wiki/EximSecurity", "reference_id": "EximSecurity", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/" } ], "url": "https://code.exim.org/exim/wiki/wiki/EximSecurity" }, { "reference_url": "https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/", "reference_id": "EXIM-Security-2026-05-01.1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/" } ], "url": "https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/" }, { "reference_url": "https://news.ycombinator.com/item?id=48111748", "reference_id": "item?id=48111748", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/" } ], "url": "https://news.ycombinator.com/item?id=48111748" }, { "reference_url": "https://usn.ubuntu.com/8382-1/", "reference_id": "USN-8382-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8382-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39552?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39553?format=api", "purl": "pkg:deb/debian/exim4@4.99.2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-45185" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-51c2-u6by-mbez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199935?format=api", "vulnerability_id": "VCID-5cbh-nmrw-hkc6", "summary": "Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0022.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81214", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81274", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01451", "scoring_system": "epss", "scoring_elements": "0.81282", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0022" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617440", "reference_id": "1617440", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:025", "reference_id": "RHSA-2005:025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:025" }, { "reference_url": "https://usn.ubuntu.com/56-1/", "reference_id": "USN-56-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/56-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39424?format=api", "purl": "pkg:deb/debian/exim4@4.34-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.34-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0022" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cbh-nmrw-hkc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167566?format=api", "vulnerability_id": "VCID-5cjt-vwuv-83d5", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16944.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16944.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16944", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.77909", "scoring_system": "epss", "scoring_elements": "0.99027", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.77909", "scoring_system": "epss", "scoring_elements": "0.99031", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.77909", "scoring_system": "epss", "scoring_elements": "0.99032", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16944" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517684", "reference_id": "1517684", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517684" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882671", "reference_id": "882671", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882671" }, { "reference_url": "https://security.archlinux.org/ASA-201711-32", "reference_id": "ASA-201711-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-32" }, { "reference_url": "https://security.archlinux.org/AVG-518", "reference_id": "AVG-518", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-518" }, { "reference_url": "https://bugs.exim.org/show_bug.cgi?id=2201", "reference_id": "CVE-2017-16944", "reference_type": "exploit", "scores": [], "url": "https://bugs.exim.org/show_bug.cgi?id=2201" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43184.txt", "reference_id": "CVE-2017-16944", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43184.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201803-01", "reference_id": "GLSA-201803-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-01" }, { "reference_url": "https://usn.ubuntu.com/3499-1/", "reference_id": "USN-3499-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3499-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39454?format=api", "purl": "pkg:deb/debian/exim4@4.89-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.89-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-16944" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5cjt-vwuv-83d5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179640?format=api", "vulnerability_id": "VCID-5jkn-xb3v-v3bx", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14599", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.1472", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14718", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14691", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28012" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jkn-xb3v-v3bx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179649?format=api", "vulnerability_id": "VCID-5r88-hqsh-u7an", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05711", "scoring_system": "epss", "scoring_elements": "0.90625", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05711", "scoring_system": "epss", "scoring_elements": "0.90655", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.05711", "scoring_system": "epss", "scoring_elements": "0.90662", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28021" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5r88-hqsh-u7an" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/177571?format=api", "vulnerability_id": "VCID-6524-t862-fyb2", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13917.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13917.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16396", "scoring_system": "epss", "scoring_elements": "0.95021", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.16396", "scoring_system": "epss", "scoring_elements": "0.95037", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.16396", "scoring_system": "epss", "scoring_elements": "0.95038", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.16396", "scoring_system": "epss", "scoring_elements": "0.9504", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13917" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1731412", "reference_id": "1731412", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1731412" }, { "reference_url": "https://security.archlinux.org/ASA-201908-4", "reference_id": "ASA-201908-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-4" }, { "reference_url": "https://security.archlinux.org/AVG-1011", "reference_id": "AVG-1011", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1011" }, { "reference_url": "https://security.gentoo.org/glsa/201909-06", "reference_id": "GLSA-201909-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-06" }, { "reference_url": "https://usn.ubuntu.com/4075-1/", "reference_id": "USN-4075-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4075-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39463?format=api", "purl": "pkg:deb/debian/exim4@4.92-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.92-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-13917" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6524-t862-fyb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181549?format=api", "vulnerability_id": "VCID-6d2j-wzcd-4uhq", "summary": "Multiple vulnerabilities were found in Exim, the worst of which\n leading to remote execution of arbitrary code with root privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0017.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30295", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3049", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30509", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30496", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=670945", "reference_id": "670945", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=670945" }, { "reference_url": "https://security.gentoo.org/glsa/201401-32", "reference_id": "GLSA-201401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-32" }, { "reference_url": "https://usn.ubuntu.com/1060-1/", "reference_id": "USN-1060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1060-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39432?format=api", "purl": "pkg:deb/debian/exim4@4.72-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0017" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6d2j-wzcd-4uhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179635?format=api", "vulnerability_id": "VCID-6hdx-tast-3bcj", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24577", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24775", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24787", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24772", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28007" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hdx-tast-3bcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/183644?format=api", "vulnerability_id": "VCID-7h36-f76r-zffz", "summary": "Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.82369", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.82431", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.8244", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01642", "scoring_system": "epss", "scoring_elements": "0.82435", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-51766" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51766" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059387", "reference_id": "1059387", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059387" }, { "reference_url": "https://security.gentoo.org/glsa/202402-18", "reference_id": "GLSA-202402-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-18" }, { "reference_url": "https://usn.ubuntu.com/6611-1/", "reference_id": "USN-6611-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6611-1/" }, { "reference_url": "https://usn.ubuntu.com/8382-1/", "reference_id": "USN-8382-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8382-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39530?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39529?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39531?format=api", "purl": "pkg:deb/debian/exim4@4.97-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-51766" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7h36-f76r-zffz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179644?format=api", "vulnerability_id": "VCID-8yfd-x9td-z7d4", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.14982", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15104", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15102", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15072", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28016" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28016" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8yfd-x9td-z7d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84010?format=api", "vulnerability_id": "VCID-93x9-7cp1-s3d3", "summary": "In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \\ skipping.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40685", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31588", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31777", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31794", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00127", "scoring_system": "epss", "scoring_elements": "0.31775", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40685" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40685" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/30/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/30/21" }, { "reference_url": "https://code.exim.org/exim/exim/commit/9fdc057e71b87c87a0d3d2288b2810a0efaaba57", "reference_id": "9fdc057e71b87c87a0d3d2288b2810a0efaaba57", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/" } ], "url": "https://code.exim.org/exim/exim/commit/9fdc057e71b87c87a0d3d2288b2810a0efaaba57" }, { "reference_url": "https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40685.assessment", "reference_id": "CVE2026-40685.assessment", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/" } ], "url": "https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40685.assessment" }, { "reference_url": "https://exim.org/static/doc/security/CVE-2026-40685.txt", "reference_id": "CVE-2026-40685.txt", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/" } ], "url": "https://exim.org/static/doc/security/CVE-2026-40685.txt" }, { "reference_url": "https://usn.ubuntu.com/8228-1/", "reference_id": "USN-8228-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8228-1/" }, { "reference_url": "https://usn.ubuntu.com/8382-1/", "reference_id": "USN-8382-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8382-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39543?format=api", "purl": "pkg:deb/debian/exim4@4.99.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-40685" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-93x9-7cp1-s3d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181551?format=api", "vulnerability_id": "VCID-9v54-e15r-uqdy", "summary": "Multiple vulnerabilities were found in Exim, the worst of which\n leading to remote execution of arbitrary code with root privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1764.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1764.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04718", "scoring_system": "epss", "scoring_elements": "0.89617", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.04718", "scoring_system": "epss", "scoring_elements": "0.89652", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.04718", "scoring_system": "epss", "scoring_elements": "0.89659", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.04718", "scoring_system": "epss", "scoring_elements": "0.89658", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670", "reference_id": "624670", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=702474", "reference_id": "702474", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702474" }, { "reference_url": "https://security.gentoo.org/glsa/201401-32", "reference_id": "GLSA-201401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-32" }, { "reference_url": "https://usn.ubuntu.com/1130-1/", "reference_id": "USN-1130-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1130-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39435?format=api", "purl": "pkg:deb/debian/exim4@4.75-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.75-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1764" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9v54-e15r-uqdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199934?format=api", "vulnerability_id": "VCID-ba64-2f17-57g5", "summary": "Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0021.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02817", "scoring_system": "epss", "scoring_elements": "0.86467", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02817", "scoring_system": "epss", "scoring_elements": "0.86517", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02817", "scoring_system": "epss", "scoring_elements": "0.86527", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02817", "scoring_system": "epss", "scoring_elements": "0.86525", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617439", "reference_id": "1617439", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617439" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/1009.c", "reference_id": "OSVDB-12946;CVE-2005-0021", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/1009.c" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/756.c", "reference_id": "OSVDB-12946;CVE-2005-0021", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/756.c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:025", "reference_id": "RHSA-2005:025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:025" }, { "reference_url": "https://usn.ubuntu.com/56-1/", "reference_id": "USN-56-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/56-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39424?format=api", "purl": "pkg:deb/debian/exim4@4.34-10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.34-10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2005-0021" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ba64-2f17-57g5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87302?format=api", "vulnerability_id": "VCID-bbpw-c7nq-1kgx", "summary": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4345.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4345.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06508", "scoring_system": "epss", "scoring_elements": "0.9135", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.06508", "scoring_system": "epss", "scoring_elements": "0.91353", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.06508", "scoring_system": "epss", "scoring_elements": "0.91315", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.06508", "scoring_system": "epss", "scoring_elements": "0.91346", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4345" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0135", "reference_id": "0135", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0135" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0245", "reference_id": "0245", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0245" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0364", "reference_id": "0364", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.vupen.com/english/advisories/2011/0364" }, { "reference_url": "http://openwall.com/lists/oss-security/2010/12/10/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://openwall.com/lists/oss-security/2010/12/10/1" }, { "reference_url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html", "reference_id": "20101207.215955.bb32d4f2.en.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html" }, { "reference_url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html", "reference_id": "20101209.172233.abcba158.en.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html" }, { "reference_url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html", "reference_id": "20101210.164935.385e04d0.en.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3171", "reference_id": "3171", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3171" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3204", "reference_id": "3204", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3204" }, { "reference_url": "http://secunia.com/advisories/42576", "reference_id": "42576", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://secunia.com/advisories/42576" }, { "reference_url": "http://secunia.com/advisories/42930", "reference_id": "42930", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://secunia.com/advisories/42930" }, { "reference_url": "http://secunia.com/advisories/43128", "reference_id": "43128", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://secunia.com/advisories/43128" }, { "reference_url": "http://secunia.com/advisories/43243", "reference_id": "43243", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://secunia.com/advisories/43243" }, { "reference_url": "http://www.securityfocus.com/bid/45341", "reference_id": "45341", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.securityfocus.com/bid/45341" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606527", "reference_id": "606527", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606527" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/04/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7" }, { "reference_url": "http://www.kb.cert.org/vuls/id/758489", "reference_id": "758489", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.kb.cert.org/vuls/id/758489" }, { "reference_url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html", "reference_id": "critical-exim-security-update.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html" }, { "reference_url": "http://www.debian.org/security/2010/dsa-2131", "reference_id": "dsa-2131", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.debian.org/security/2010/dsa-2131" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2154", "reference_id": "dsa-2154", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.debian.org/security/2011/dsa-2154" }, { "reference_url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format", "reference_id": "exim4_string_format", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format" }, { "reference_url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/", "reference_id": "exim_code_execution_peril", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/" }, { "reference_url": "https://security.gentoo.org/glsa/201401-32", "reference_id": "GLSA-201401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-32" }, { "reference_url": "http://www.securitytracker.com/id?1024859", "reference_id": "id?1024859", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.securitytracker.com/id?1024859" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html", "reference_id": "msg00003.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0153", "reference_id": "RHSA-2011:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0153" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html", "reference_id": "RHSA-2011-0153.html", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html" }, { "reference_url": "http://bugs.exim.org/show_bug.cgi?id=1044", "reference_id": "show_bug.cgi?id=1044", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://bugs.exim.org/show_bug.cgi?id=1044" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012", "reference_id": "show_bug.cgi?id=662012", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012" }, { "reference_url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded" }, { "reference_url": "https://usn.ubuntu.com/1060-1/", "reference_id": "USN-1060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1060-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1060-1", "reference_id": "USN-1060-1", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1060-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39430?format=api", "purl": "pkg:deb/debian/exim4@4.72-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-4345" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbpw-c7nq-1kgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/209367?format=api", "vulnerability_id": "VCID-bucn-akc7-zufn", "summary": "Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04696", "scoring_system": "epss", "scoring_elements": "0.89592", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.04696", "scoring_system": "epss", "scoring_elements": "0.89626", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.04696", "scoring_system": "epss", "scoring_elements": "0.89633", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.04696", "scoring_system": "epss", "scoring_elements": "0.89632", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37452" }, { "reference_url": "https://usn.ubuntu.com/5574-1/", "reference_id": "USN-5574-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5574-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39507?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-37452" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bucn-akc7-zufn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179643?format=api", "vulnerability_id": "VCID-cz3r-5pdr-73b8", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12753", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12849", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12859", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12842", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28015" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cz3r-5pdr-73b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135236?format=api", "vulnerability_id": "VCID-czkm-mkwx-wbcm", "summary": "Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.\n. Was ZDI-CAN-17515.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42116.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42116.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06734", "scoring_system": "epss", "scoring_elements": "0.91485", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.06734", "scoring_system": "epss", "scoring_elements": "0.91515", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.06734", "scoring_system": "epss", "scoring_elements": "0.91523", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.06734", "scoring_system": "epss", "scoring_elements": "0.9152", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42116" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241528", "reference_id": "2241528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241528" }, { "reference_url": "https://security.gentoo.org/glsa/202402-18", "reference_id": "GLSA-202402-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-18" }, { "reference_url": "https://usn.ubuntu.com/6411-1/", "reference_id": "USN-6411-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6411-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1470/", "reference_id": "ZDI-23-1470", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-05T15:02:42Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1470/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39511?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39510?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39513?format=api", "purl": "pkg:deb/debian/exim4@4.97~RC1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97~RC1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-42116" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-czkm-mkwx-wbcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212608?format=api", "vulnerability_id": "VCID-d4d7-w25w-qyc3", "summary": "Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37451.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37451.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.19257", "scoring_system": "epss", "scoring_elements": "0.95509", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.19257", "scoring_system": "epss", "scoring_elements": "0.95523", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.19257", "scoring_system": "epss", "scoring_elements": "0.95526", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.19257", "scoring_system": "epss", "scoring_elements": "0.95529", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37451" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119782", "reference_id": "2119782", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119782" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39501?format=api", "purl": "pkg:deb/debian/exim4@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39504?format=api", "purl": "pkg:deb/debian/exim4@4.95-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.95-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-37451" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4d7-w25w-qyc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179638?format=api", "vulnerability_id": "VCID-dadd-du72-akag", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12176", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12269", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12275", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.12254", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28010" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dadd-du72-akag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179651?format=api", "vulnerability_id": "VCID-dnj5-vua8-kkhc", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0298", "scoring_system": "epss", "scoring_elements": "0.86827", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0298", "scoring_system": "epss", "scoring_elements": "0.86875", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0298", "scoring_system": "epss", "scoring_elements": "0.86885", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0298", "scoring_system": "epss", "scoring_elements": "0.86881", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28023" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnj5-vua8-kkhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179655?format=api", "vulnerability_id": "VCID-dx4n-k186-u3dj", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18253", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18416", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18437", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18415", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27216" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27216" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-27216" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dx4n-k186-u3dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199433?format=api", "vulnerability_id": "VCID-esn3-rb5p-qqeb", "summary": "Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03052", "scoring_system": "epss", "scoring_elements": "0.86989", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03052", "scoring_system": "epss", "scoring_elements": "0.87035", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.03052", "scoring_system": "epss", "scoring_elements": "0.87044", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.03052", "scoring_system": "epss", "scoring_elements": "0.8704", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1381" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/22066.c", "reference_id": "CVE-2002-1381;OSVDB-10360", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/22066.c" }, { "reference_url": "https://www.securityfocus.com/bid/6314/info", "reference_id": "CVE-2002-1381;OSVDB-10360", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/6314/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39412?format=api", "purl": "pkg:deb/debian/exim4@4.11-0.0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.11-0.0.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2002-1381" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esn3-rb5p-qqeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/927?format=api", "vulnerability_id": "VCID-ey67-sd6b-h7cw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1531.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1531.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.5677", "scoring_system": "epss", "scoring_elements": "0.98172", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.5677", "scoring_system": "epss", "scoring_elements": "0.98179", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.5677", "scoring_system": "epss", "scoring_elements": "0.9818", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1531" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1531" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314293", "reference_id": "1314293", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314293" }, { "reference_url": "http://legalhackers.com/advisories/Exim-Local-Root-Privilege-Escalation.txt", "reference_id": "CVE-2016-1531", "reference_type": "exploit", "scores": [], "url": "http://legalhackers.com/advisories/Exim-Local-Root-Privilege-Escalation.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39535.sh", "reference_id": "CVE-2016-1531", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39535.sh" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39549.txt", "reference_id": "CVE-2016-1531", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39549.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39702.rb", "reference_id": "CVE-2016-1531", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39702.rb" }, { "reference_url": "https://usn.ubuntu.com/2933-1/", "reference_id": "USN-2933-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2933-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39445?format=api", "purl": "pkg:deb/debian/exim4@4.86.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.86.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-1531" ], "risk_score": 6.8, "exploitability": "2.0", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ey67-sd6b-h7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181552?format=api", "vulnerability_id": "VCID-h4h9-unyc-nkdn", "summary": "Multiple vulnerabilities were found in Exim, the worst of which\n leading to remote execution of arbitrary code with root privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5671.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5671.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31639", "scoring_system": "epss", "scoring_elements": "0.96909", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.31639", "scoring_system": "epss", "scoring_elements": "0.9692", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.31639", "scoring_system": "epss", "scoring_elements": "0.96923", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.31639", "scoring_system": "epss", "scoring_elements": "0.96924", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-5671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5671" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=869953", "reference_id": "869953", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=869953" }, { "reference_url": "https://security.gentoo.org/glsa/201401-32", "reference_id": "GLSA-201401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-32" }, { "reference_url": "https://usn.ubuntu.com/1618-1/", "reference_id": "USN-1618-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1618-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39438?format=api", "purl": "pkg:deb/debian/exim4@4.80-5.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.80-5.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-5671" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4h9-unyc-nkdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181547?format=api", "vulnerability_id": "VCID-heh9-cqhh-zbbf", "summary": "Multiple vulnerabilities were found in Exim, the worst of which\n leading to remote execution of arbitrary code with root privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2023.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45973", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.46117", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.46124", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.4611", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=600093", "reference_id": "600093", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600093" }, { "reference_url": "https://security.gentoo.org/glsa/201401-32", "reference_id": "GLSA-201401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-32" }, { "reference_url": "https://usn.ubuntu.com/1060-1/", "reference_id": "USN-1060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1060-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39427?format=api", "purl": "pkg:deb/debian/exim4@4.72-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-2023" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-heh9-cqhh-zbbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84077?format=api", "vulnerability_id": "VCID-hhte-snaq-ruh5", "summary": "In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40686", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28569", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28778", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28788", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28765", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40686" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/30/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/30/21" }, { "reference_url": "https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40686.assessment", "reference_id": "CVE2026-40686.assessment", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/" } ], "url": "https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40686.assessment" }, { "reference_url": "https://exim.org/static/doc/security/CVE-2026-40686.txt", "reference_id": "CVE-2026-40686.txt", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/" } ], "url": "https://exim.org/static/doc/security/CVE-2026-40686.txt" }, { "reference_url": "https://code.exim.org/exim/exim/commit/f2570bde16fb4d4a1242ff363a4c4eecf6372efc", "reference_id": "f2570bde16fb4d4a1242ff363a4c4eecf6372efc", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/" } ], "url": "https://code.exim.org/exim/exim/commit/f2570bde16fb4d4a1242ff363a4c4eecf6372efc" }, { "reference_url": "https://usn.ubuntu.com/8228-1/", "reference_id": "USN-8228-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8228-1/" }, { "reference_url": "https://usn.ubuntu.com/8382-1/", "reference_id": "USN-8382-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8382-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39543?format=api", "purl": "pkg:deb/debian/exim4@4.99.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-40686" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhte-snaq-ruh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179650?format=api", "vulnerability_id": "VCID-jm4e-4b7y-jygk", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02607", "scoring_system": "epss", "scoring_elements": "0.85963", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02607", "scoring_system": "epss", "scoring_elements": "0.86012", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02607", "scoring_system": "epss", "scoring_elements": "0.86022", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02607", "scoring_system": "epss", "scoring_elements": "0.86015", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28022" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jm4e-4b7y-jygk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179637?format=api", "vulnerability_id": "VCID-kbwf-7g2r-8yfp", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2243", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22626", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2264", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2262", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28009" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kbwf-7g2r-8yfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/102090?format=api", "vulnerability_id": "VCID-knvr-uzut-wkhd", "summary": "Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26794.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26794.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.77997", "scoring_system": "epss", "scoring_elements": "0.99034", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.77997", "scoring_system": "epss", "scoring_elements": "0.99039", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.77997", "scoring_system": "epss", "scoring_elements": "0.99038", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-26794" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346981", "reference_id": "2346981", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346981" }, { "reference_url": "https://github.com/NixOS/nixpkgs/pull/383926", "reference_id": "383926", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/" } ], "url": "https://github.com/NixOS/nixpkgs/pull/383926" }, { "reference_url": "https://github.com/openbsd/ports/commit/584d2c49addce9ca0ae67882cc16969104d7f82d", "reference_id": "584d2c49addce9ca0ae67882cc16969104d7f82d", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/" } ], "url": "https://github.com/openbsd/ports/commit/584d2c49addce9ca0ae67882cc16969104d7f82d" }, { "reference_url": "https://code.exim.org/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305", "reference_id": "bfe32b5c6ea033736a26da8421513206db9fe305", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/" } ], "url": "https://code.exim.org/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305" }, { "reference_url": "https://www.exim.org/static/doc/security/CVE-2025-26794.txt", "reference_id": "CVE-2025-26794.txt", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/" } ], "url": "https://www.exim.org/static/doc/security/CVE-2025-26794.txt" }, { "reference_url": "https://exim.org", "reference_id": "exim.org", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/" } ], "url": "https://exim.org" }, { "reference_url": "https://github.com/Exim/exim/wiki/EximSecurity", "reference_id": "EximSecurity", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/" } ], "url": "https://github.com/Exim/exim/wiki/EximSecurity" }, { "reference_url": "https://exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txt", "reference_id": "report.txt", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/" } ], "url": "https://exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txt" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=1237424", "reference_id": "show_bug.cgi?id=1237424", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1237424" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39501?format=api", "purl": "pkg:deb/debian/exim4@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39534?format=api", "purl": "pkg:deb/debian/exim4@4.98-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-26794" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knvr-uzut-wkhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196606?format=api", "vulnerability_id": "VCID-ndj6-cuxy-pycd", "summary": "man-in-the-middle", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84815", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84867", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84875", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02209", "scoring_system": "epss", "scoring_elements": "0.84868", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38371" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38371", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38371" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992172", "reference_id": "992172", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992172" }, { "reference_url": "https://security.archlinux.org/AVG-2272", "reference_id": "AVG-2272", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2272" }, { "reference_url": "https://usn.ubuntu.com/6881-1/", "reference_id": "USN-6881-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6881-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39498?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39497?format=api", "purl": "pkg:deb/debian/exim4@4.95~RC2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.95~RC2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-38371" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ndj6-cuxy-pycd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179653?format=api", "vulnerability_id": "VCID-npfm-78r1-3bdt", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01407", "scoring_system": "epss", "scoring_elements": "0.80899", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01407", "scoring_system": "epss", "scoring_elements": "0.80959", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01407", "scoring_system": "epss", "scoring_elements": "0.80969", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01407", "scoring_system": "epss", "scoring_elements": "0.80961", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28025" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-npfm-78r1-3bdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/160851?format=api", "vulnerability_id": "VCID-p1b8-8hf7-jugt", "summary": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16928.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16928.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16928", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.9031", "scoring_system": "epss", "scoring_elements": "0.99618", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.9031", "scoring_system": "epss", "scoring_elements": "0.99616", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.9031", "scoring_system": "epss", "scoring_elements": "0.99617", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-16928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16928" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/09/28/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1756930", "reference_id": "1756930", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1756930" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/09/28/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/2" }, { "reference_url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html", "reference_id": "20190927.032457.c1044d4c.en.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html" }, { "reference_url": "https://security.gentoo.org/glsa/202003-47", "reference_id": "202003-47", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "https://security.gentoo.org/glsa/202003-47" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/09/28/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/09/28/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/09/28/4" }, { "reference_url": "https://usn.ubuntu.com/4141-1/", "reference_id": "4141-1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "https://usn.ubuntu.com/4141-1/" }, { "reference_url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f", "reference_id": "478effbfd9c3cc5a627fc671d4bf94d13670d65f", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/60", "reference_id": "60", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "https://seclists.org/bugtraq/2019/Sep/60" }, { "reference_url": "https://security.archlinux.org/ASA-201910-1", "reference_id": "ASA-201910-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201910-1" }, { "reference_url": "https://security.archlinux.org/AVG-1038", "reference_id": "AVG-1038", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1038" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4536", "reference_id": "dsa-4536", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4536" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/", "reference_id": "EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/" }, { "reference_url": "https://bugs.exim.org/show_bug.cgi?id=2449", "reference_id": "show_bug.cgi?id=2449", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "https://bugs.exim.org/show_bug.cgi?id=2449" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/", "reference_id": "T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/", "reference_id": "UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39467?format=api", "purl": "pkg:deb/debian/exim4@4.92.2-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.92.2-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-16928" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1b8-8hf7-jugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135644?format=api", "vulnerability_id": "VCID-p1c3-vexn-pqdc", "summary": "Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.\n. Was ZDI-CAN-17434.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42115.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.65812", "scoring_system": "epss", "scoring_elements": "0.98529", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.65812", "scoring_system": "epss", "scoring_elements": "0.98534", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.65812", "scoring_system": "epss", "scoring_elements": "0.98533", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241525", "reference_id": "2241525", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241525" }, { "reference_url": "https://security.gentoo.org/glsa/202402-18", "reference_id": "GLSA-202402-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-18" }, { "reference_url": "https://usn.ubuntu.com/6411-1/", "reference_id": "USN-6411-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6411-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1469/", "reference_id": "ZDI-23-1469", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-20T19:32:20Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1469/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39511?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39510?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39513?format=api", "purl": "pkg:deb/debian/exim4@4.97~RC1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97~RC1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-42115" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1c3-vexn-pqdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179646?format=api", "vulnerability_id": "VCID-pg8e-48vd-hbe2", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28018", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.65912", "scoring_system": "epss", "scoring_elements": "0.98533", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.65912", "scoring_system": "epss", "scoring_elements": "0.98538", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.65912", "scoring_system": "epss", "scoring_elements": "0.98537", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28018" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28018", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28018" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28018" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pg8e-48vd-hbe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/203355?format=api", "vulnerability_id": "VCID-pvvh-j2qs-2fg5", "summary": "The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2957.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01821", "scoring_system": "epss", "scoring_elements": "0.8328", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01821", "scoring_system": "epss", "scoring_elements": "0.83341", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01821", "scoring_system": "epss", "scoring_elements": "0.83349", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01821", "scoring_system": "epss", "scoring_elements": "0.83345", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2957" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2957", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101725", "reference_id": "1101725", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101725" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39442?format=api", "purl": "pkg:deb/debian/exim4@4.82.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.82.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-2957" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvvh-j2qs-2fg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199687?format=api", "vulnerability_id": "VCID-q5we-p3d3-xuf3", "summary": "Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06391", "scoring_system": "epss", "scoring_elements": "0.91224", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.06391", "scoring_system": "epss", "scoring_elements": "0.91254", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.06391", "scoring_system": "epss", "scoring_elements": "0.91261", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.06391", "scoring_system": "epss", "scoring_elements": "0.91259", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0400" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39419?format=api", "purl": "pkg:deb/debian/exim4@4.33-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.33-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-0400" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5we-p3d3-xuf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179641?format=api", "vulnerability_id": "VCID-qc9t-2j8d-h7aq", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15523", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15659", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15672", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1564", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28013" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9t-2j8d-h7aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/178265?format=api", "vulnerability_id": "VCID-qs61-b5vc-muhf", "summary": "A local attacker could execute arbitrary code by providing\n unsanitized data to a data source or escalate privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2972.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2972.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43972", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.44126", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.44144", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.44132", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2972" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2972" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122552", "reference_id": "1122552", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122552" }, { "reference_url": "https://security.gentoo.org/glsa/201607-12", "reference_id": "GLSA-201607-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-12" }, { "reference_url": "https://usn.ubuntu.com/2933-1/", "reference_id": "USN-2933-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2933-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39443?format=api", "purl": "pkg:deb/debian/exim4@4.82.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.82.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-2972" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qs61-b5vc-muhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179642?format=api", "vulnerability_id": "VCID-qyzh-ytsw-eyhx", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.181", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18262", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18282", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18256", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28014" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qyzh-ytsw-eyhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167564?format=api", "vulnerability_id": "VCID-rfd2-41p7-ybd7", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16943.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16943.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.74526", "scoring_system": "epss", "scoring_elements": "0.98871", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.74526", "scoring_system": "epss", "scoring_elements": "0.98875", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.74526", "scoring_system": "epss", "scoring_elements": "0.98877", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16944" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517680", "reference_id": "1517680", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517680" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882648", "reference_id": "882648", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882648" }, { "reference_url": "https://security.archlinux.org/ASA-201711-32", "reference_id": "ASA-201711-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-32" }, { "reference_url": "https://security.archlinux.org/AVG-518", "reference_id": "AVG-518", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-518" }, { "reference_url": "https://security.gentoo.org/glsa/201803-01", "reference_id": "GLSA-201803-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-01" }, { "reference_url": "https://usn.ubuntu.com/3493-1/", "reference_id": "USN-3493-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3493-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39451?format=api", "purl": "pkg:deb/debian/exim4@4.89-12?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.89-12%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-16943" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfd2-41p7-ybd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90174?format=api", "vulnerability_id": "VCID-rwcr-ykxh-ubhc", "summary": "A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24312", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24506", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24517", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.245", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-30232" }, { "reference_url": "https://security.archlinux.org/ASA-202503-1", "reference_id": "ASA-202503-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202503-1" }, { "reference_url": "https://security.archlinux.org/AVG-2859", "reference_id": "AVG-2859", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2859" }, { "reference_url": "https://www.exim.org/static/doc/security/CVE-2025-30232.txt", "reference_id": "CVE-2025-30232.txt", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-28T14:37:01Z/" } ], "url": "https://www.exim.org/static/doc/security/CVE-2025-30232.txt" }, { "reference_url": "https://usn.ubuntu.com/7373-1/", "reference_id": "USN-7373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39501?format=api", "purl": "pkg:deb/debian/exim4@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39535?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39536?format=api", "purl": "pkg:deb/debian/exim4@4.98.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-30232" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rwcr-ykxh-ubhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179648?format=api", "vulnerability_id": "VCID-s579-vy9e-pbfp", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26587", "scoring_system": "epss", "scoring_elements": "0.96456", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.26587", "scoring_system": "epss", "scoring_elements": "0.96466", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.26587", "scoring_system": "epss", "scoring_elements": "0.9647", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28020" }, { "reference_url": "https://security.archlinux.org/AVG-1912", "reference_id": "AVG-1912", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1912" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39490?format=api", "purl": "pkg:deb/debian/exim4@4.92~RC5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.92~RC5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28020" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s579-vy9e-pbfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80542?format=api", "vulnerability_id": "VCID-sqtt-yb5x-9ff9", "summary": "Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-48840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21688", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21516", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21702", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21715", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-48840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48840" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/05/29/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-01T12:51:07Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/05/29/3" }, { "reference_url": "https://exim.org/static/doc/security/EXIM-Security-2026-05-19.1", "reference_id": "EXIM-Security-2026-05-19.1", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-01T12:51:07Z/" } ], "url": "https://exim.org/static/doc/security/EXIM-Security-2026-05-19.1" }, { "reference_url": "https://usn.ubuntu.com/8353-1/", "reference_id": "USN-8353-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8353-1/" }, { "reference_url": "https://usn.ubuntu.com/8382-1/", "reference_id": "USN-8382-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8382-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39557?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39555?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u10?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u10%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39559?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-48840" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sqtt-yb5x-9ff9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83942?format=api", "vulnerability_id": "VCID-syut-2gvg-jqer", "summary": "In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.3984", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40022", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40032", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.4001", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40687" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/30/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/30/21" }, { "reference_url": "https://code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505", "reference_id": "68b963b9f75ca27b38e1c0f8c87037990199f505", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/" } ], "url": "https://code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505" }, { "reference_url": "https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40687.assessment", "reference_id": "CVE2026-40687.assessment", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/" } ], "url": "https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40687.assessment" }, { "reference_url": "https://exim.org/static/doc/security/CVE-2026-40687.txt", "reference_id": "CVE-2026-40687.txt", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/" } ], "url": "https://exim.org/static/doc/security/CVE-2026-40687.txt" }, { "reference_url": "https://usn.ubuntu.com/8228-1/", "reference_id": "USN-8228-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8228-1/" }, { "reference_url": "https://usn.ubuntu.com/8382-1/", "reference_id": "USN-8382-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8382-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39543?format=api", "purl": "pkg:deb/debian/exim4@4.99.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-40687" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-syut-2gvg-jqer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179639?format=api", "vulnerability_id": "VCID-ubu7-861q-8qbf", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15523", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15659", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15672", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1564", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28011" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubu7-861q-8qbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175153?format=api", "vulnerability_id": "VCID-ufwa-bnb1-67b7", "summary": "A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211919.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01227", "scoring_system": "epss", "scoring_elements": "0.79551", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01227", "scoring_system": "epss", "scoring_elements": "0.79625", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01227", "scoring_system": "epss", "scoring_elements": "0.79632", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01227", "scoring_system": "epss", "scoring_elements": "0.79617", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-3620" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022556", "reference_id": "1022556", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022556" }, { "reference_url": "https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445", "reference_id": "12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:15Z/" } ], "url": "https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/667V3ADXQ2MHUJMSXA3VZZEWLVSCIBEU/", "reference_id": "667V3ADXQ2MHUJMSXA3VZZEWLVSCIBEU", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/667V3ADXQ2MHUJMSXA3VZZEWLVSCIBEU/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/", "reference_id": "EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/" }, { "reference_url": "https://vuldb.com/?id.211919", "reference_id": "?id.211919", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:15Z/" } ], "url": "https://vuldb.com/?id.211919" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV2K2AWF62FSJ64B5CUZPFT4COK7P5PM/", "reference_id": "XV2K2AWF62FSJ64B5CUZPFT4COK7P5PM", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV2K2AWF62FSJ64B5CUZPFT4COK7P5PM/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39501?format=api", "purl": "pkg:deb/debian/exim4@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39500?format=api", "purl": "pkg:deb/debian/exim4@4.96-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-3620" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ufwa-bnb1-67b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/181548?format=api", "vulnerability_id": "VCID-uhf1-v5x4-7kfv", "summary": "Multiple vulnerabilities were found in Exim, the worst of which\n leading to remote execution of arbitrary code with root privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2024.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2024.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38621", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38794", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38817", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38807", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-2024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2024" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=600097", "reference_id": "600097", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600097" }, { "reference_url": "https://security.gentoo.org/glsa/201401-32", "reference_id": "GLSA-201401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-32" }, { "reference_url": "https://usn.ubuntu.com/1060-1/", "reference_id": "USN-1060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1060-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39427?format=api", "purl": "pkg:deb/debian/exim4@4.72-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-2024" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uhf1-v5x4-7kfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179756?format=api", "vulnerability_id": "VCID-uxdq-uzep-hyfk", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12783.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12783.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05454", "scoring_system": "epss", "scoring_elements": "0.90394", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05454", "scoring_system": "epss", "scoring_elements": "0.90424", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.05454", "scoring_system": "epss", "scoring_elements": "0.90432", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12783" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12783", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12783" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836362", "reference_id": "1836362", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1836362" }, { "reference_url": "https://usn.ubuntu.com/4366-1/", "reference_id": "USN-4366-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4366-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39469?format=api", "purl": "pkg:deb/debian/exim4@4.93-16?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.93-16%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-12783" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxdq-uzep-hyfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/199686?format=api", "vulnerability_id": "VCID-v4en-4atd-1qex", "summary": "Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.42079", "scoring_system": "epss", "scoring_elements": "0.97528", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.42079", "scoring_system": "epss", "scoring_elements": "0.97536", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.42079", "scoring_system": "epss", "scoring_elements": "0.97538", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0399" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/24093.c", "reference_id": "CVE-2004-0399;OSVDB-5896", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/24093.c" }, { "reference_url": "https://www.securityfocus.com/bid/10290/info", "reference_id": "CVE-2004-0399;OSVDB-5896", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/10290/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39419?format=api", "purl": "pkg:deb/debian/exim4@4.33-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.33-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-0399" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v4en-4atd-1qex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/124603?format=api", "vulnerability_id": "VCID-v7k7-yd16-qfce", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000369.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000369.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000369", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54258", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54384", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.544", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00306", "scoring_system": "epss", "scoring_elements": "0.54386", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000369" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457748", "reference_id": "1457748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1457748" }, { "reference_url": "https://security.archlinux.org/ASA-201711-32", "reference_id": "ASA-201711-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-32" }, { "reference_url": "https://security.archlinux.org/AVG-518", "reference_id": "AVG-518", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-518" }, { "reference_url": "https://security.gentoo.org/glsa/201709-19", "reference_id": "GLSA-201709-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-19" }, { "reference_url": "https://usn.ubuntu.com/3322-1/", "reference_id": "USN-3322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3322-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39450?format=api", "purl": "pkg:deb/debian/exim4@4.89-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.89-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-1000369" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v7k7-yd16-qfce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84268?format=api", "vulnerability_id": "VCID-w86m-chaw-13bw", "summary": "In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40684", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40756", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40934", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40947", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40923", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40684" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40684" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/30/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/30/21" }, { "reference_url": "https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81", "reference_id": "628bbaca7672748d941a12e7cd5f0122a4e18c81", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/" } ], "url": "https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81" }, { "reference_url": "https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40684.assessment", "reference_id": "CVE2026-40684.assessment", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/" } ], "url": "https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40684.assessment" }, { "reference_url": "https://exim.org/static/doc/security/CVE-2026-40684.txt", "reference_id": "CVE-2026-40684.txt", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/" } ], "url": "https://exim.org/static/doc/security/CVE-2026-40684.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39543?format=api", "purl": "pkg:deb/debian/exim4@4.99.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-40684" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w86m-chaw-13bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/177691?format=api", "vulnerability_id": "VCID-wgdp-4t5f-xfaf", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15846.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15846.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.63986", "scoring_system": "epss", "scoring_elements": "0.98458", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.65447", "scoring_system": "epss", "scoring_elements": "0.98513", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.65447", "scoring_system": "epss", "scoring_elements": "0.98518", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15846" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748397", "reference_id": "1748397", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1748397" }, { "reference_url": "https://security.archlinux.org/ASA-201909-3", "reference_id": "ASA-201909-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201909-3" }, { "reference_url": "https://security.archlinux.org/AVG-1037", "reference_id": "AVG-1037", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1037" }, { "reference_url": "https://security.gentoo.org/glsa/201909-06", "reference_id": "GLSA-201909-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201909-06" }, { "reference_url": "https://usn.ubuntu.com/4124-1/", "reference_id": "USN-4124-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4124-1/" }, { "reference_url": "https://usn.ubuntu.com/4124-2/", "reference_id": "USN-4124-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4124-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39465?format=api", "purl": "pkg:deb/debian/exim4@4.92.1-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.92.1-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-15846" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgdp-4t5f-xfaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87304?format=api", "vulnerability_id": "VCID-x2um-ftjf-vfec", "summary": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4344.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4344.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4344", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51873", "scoring_system": "epss", "scoring_elements": "0.97974", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.51873", "scoring_system": "epss", "scoring_elements": "0.97972", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.51873", "scoring_system": "epss", "scoring_elements": "0.97965", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344" }, { "reference_url": "http://openwall.com/lists/oss-security/2010/12/10/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://openwall.com/lists/oss-security/2010/12/10/1" }, { "reference_url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html", "reference_id": "20101207.215955.bb32d4f2.en.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html" }, { "reference_url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html", "reference_id": "20101210.164935.385e04d0.en.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html" }, { "reference_url": "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b", "reference_id": "24c929a27415c7cfc7126c47e4cad39acf3efa6b", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3171", "reference_id": "3171", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3171" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3172", "reference_id": "3172", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3172" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3181", "reference_id": "3181", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3181" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3186", "reference_id": "3186", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3186" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3204", "reference_id": "3204", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3204" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3246", "reference_id": "3246", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3246" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3317", "reference_id": "3317", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3317" }, { "reference_url": "http://secunia.com/advisories/40019", "reference_id": "40019", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://secunia.com/advisories/40019" }, { "reference_url": "http://secunia.com/advisories/42576", "reference_id": "42576", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://secunia.com/advisories/42576" }, { "reference_url": "http://secunia.com/advisories/42586", "reference_id": "42586", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://secunia.com/advisories/42586" }, { "reference_url": "http://secunia.com/advisories/42587", "reference_id": "42587", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://secunia.com/advisories/42587" }, { "reference_url": "http://secunia.com/advisories/42589", "reference_id": "42589", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://secunia.com/advisories/42589" }, { "reference_url": "http://www.securityfocus.com/bid/45308", "reference_id": "45308", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.securityfocus.com/bid/45308" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612", "reference_id": "606612", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612" }, { "reference_url": "http://www.kb.cert.org/vuls/id/682457", "reference_id": "682457", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.kb.cert.org/vuls/id/682457" }, { "reference_url": "http://www.osvdb.org/69685", "reference_id": "69685", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.osvdb.org/69685" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/04/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7" }, { "reference_url": "http://atmail.com/blog/2010/atmail-6204-now-available/", "reference_id": "atmail-6204-now-available", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://atmail.com/blog/2010/atmail-6204-now-available/" }, { "reference_url": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70", "reference_id": "ChangeLog-4.70", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/15725.pl", "reference_id": "CVE-2010-4344;OSVDB-69685", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/15725.pl" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16925.rb", "reference_id": "CVE-2010-4345;CVE-2010-4344;OSVDB-69685", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16925.rb" }, { "reference_url": "http://www.debian.org/security/2010/dsa-2131", "reference_id": "dsa-2131", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.debian.org/security/2010/dsa-2131" }, { "reference_url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format", "reference_id": "exim4_string_format", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format" }, { "reference_url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/", "reference_id": "exim_code_execution_peril", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/" }, { "reference_url": "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html", "reference_id": "exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html" }, { "reference_url": "https://security.gentoo.org/glsa/201401-32", "reference_id": "GLSA-201401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-32" }, { "reference_url": "http://www.securitytracker.com/id?1024858", "reference_id": "id?1024858", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.securitytracker.com/id?1024858" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html", "reference_id": "msg00003.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0970", "reference_id": "RHSA-2010:0970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0970" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0970.html", "reference_id": "RHSA-2010-0970.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0970.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=661756", "reference_id": "show_bug.cgi?id=661756", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661756" }, { "reference_url": "http://bugs.exim.org/show_bug.cgi?id=787", "reference_id": "show_bug.cgi?id=787", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://bugs.exim.org/show_bug.cgi?id=787" }, { "reference_url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded", "reference_id": "threaded", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded" }, { "reference_url": "https://usn.ubuntu.com/1032-1/", "reference_id": "USN-1032-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1032-1/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1032-1", "reference_id": "USN-1032-1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1032-1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39429?format=api", "purl": "pkg:deb/debian/exim4@4.70-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.70-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-4344" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2um-ftjf-vfec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/108969?format=api", "vulnerability_id": "VCID-x2y8-pxnp-zfgv", "summary": "Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67896.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67896.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22774", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22781", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22794", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22586", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67896" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2025/12/11/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:27:33Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2025/12/11/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422034", "reference_id": "2422034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422034" }, { "reference_url": "https://exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txt", "reference_id": "report.txt", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:27:33Z/" } ], "url": "https://exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txt" }, { "reference_url": "https://exim.org/static/doc/security/", "reference_id": "security", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:27:33Z/" } ], "url": "https://exim.org/static/doc/security/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39501?format=api", "purl": "pkg:deb/debian/exim4@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39540?format=api", "purl": "pkg:deb/debian/exim4@4.99-7?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99-7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-67896" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2y8-pxnp-zfgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135685?format=api", "vulnerability_id": "VCID-x6nj-yg7f-uqce", "summary": "Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42117.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42117.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42117", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0735", "scoring_system": "epss", "scoring_elements": "0.9189", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0735", "scoring_system": "epss", "scoring_elements": "0.91918", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0735", "scoring_system": "epss", "scoring_elements": "0.91925", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0735", "scoring_system": "epss", "scoring_elements": "0.91922", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42117" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42117", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42117" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241531", "reference_id": "2241531", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241531" }, { "reference_url": "https://security.gentoo.org/glsa/202402-18", "reference_id": "GLSA-202402-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-18" }, { "reference_url": "https://usn.ubuntu.com/6455-1/", "reference_id": "USN-6455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6455-1/" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1471/", "reference_id": "ZDI-23-1471", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T16:58:53Z/" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1471/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39498?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39521?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39523?format=api", "purl": "pkg:deb/debian/exim4@4.97~RC2-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97~RC2-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-42117" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6nj-yg7f-uqce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179636?format=api", "vulnerability_id": "VCID-xp54-554m-uyhe", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15134", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1526", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.15266", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00047", "scoring_system": "epss", "scoring_elements": "0.1523", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28008" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xp54-554m-uyhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/185409?format=api", "vulnerability_id": "VCID-ybax-pyue-jydp", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9963.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9963.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9963", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83569", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83629", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83638", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01884", "scoring_system": "epss", "scoring_elements": "0.83636", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9963" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9963", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9963" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1405322", "reference_id": "1405322", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1405322" }, { "reference_url": "https://security.archlinux.org/AVG-153", "reference_id": "AVG-153", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-153" }, { "reference_url": "https://usn.ubuntu.com/3164-1/", "reference_id": "USN-3164-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3164-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39447?format=api", "purl": "pkg:deb/debian/exim4@4.88~RC6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.88~RC6-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-9963" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ybax-pyue-jydp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/105604?format=api", "vulnerability_id": "VCID-yqdx-ec3r-gbe1", "summary": "A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.094", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09454", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09447", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09435", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-53881" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53881", "reference_id": "show_bug.cgi?id=CVE-2025-53881", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-02T17:15:08Z/" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53881" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39501?format=api", "purl": "pkg:deb/debian/exim4@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-53881" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yqdx-ec3r-gbe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179645?format=api", "vulnerability_id": "VCID-zkjr-tb1h-skbt", "summary": "Multiple vulnerabilities have been found in Exim, the worst of\n which allows remote attackers to execute arbitrary code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03214", "scoring_system": "epss", "scoring_elements": "0.87324", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03214", "scoring_system": "epss", "scoring_elements": "0.87369", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.03214", "scoring_system": "epss", "scoring_elements": "0.87375", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.03214", "scoring_system": "epss", "scoring_elements": "0.87372", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026" }, { "reference_url": "https://security.archlinux.org/AVG-1911", "reference_id": "AVG-1911", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1911" }, { "reference_url": "https://security.gentoo.org/glsa/202105-01", "reference_id": "GLSA-202105-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-01" }, { "reference_url": "https://usn.ubuntu.com/4934-1/", "reference_id": "USN-4934-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-1/" }, { "reference_url": "https://usn.ubuntu.com/4934-2/", "reference_id": "USN-4934-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4934-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39471?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39413?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-93x9-7cp1-s3d3" }, { "vulnerability": "VCID-hhte-snaq-ruh5" }, { "vulnerability": "VCID-syut-2gvg-jqer" }, { "vulnerability": "VCID-w86m-chaw-13bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39411?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39418?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39414?format=api", "purl": "pkg:deb/debian/exim4@4.99.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/39416?format=api", "purl": "pkg:deb/debian/exim4@4.99.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28017" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkjr-tb1h-skbt" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie" }