Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ynbw-8a6a-sug8
Summary
Multiple vulnerabilities were found in Exim, the worst of which
    leads to remote execution of arbitrary code with root privileges.
Aliases
0
alias CVE-2010-4344
Fixed_packages
0
url pkg:deb/debian/exim4@4.70-1?distro=trixie
purl pkg:deb/debian/exim4@4.70-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.70-1%3Fdistro=trixie
1
url pkg:deb/debian/exim4@4.72-6%2Bsqueeze4
purl pkg:deb/debian/exim4@4.72-6%2Bsqueeze4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ev3-fe86-93e3
1
vulnerability VCID-1kpw-zhj4-jfaz
2
vulnerability VCID-1tqm-3s38-fqcn
3
vulnerability VCID-2qea-x4nk-zfba
4
vulnerability VCID-3z7r-efh2-tyf9
5
vulnerability VCID-55h7-dczu-rfhe
6
vulnerability VCID-56xq-sgry-2uhd
7
vulnerability VCID-5e2k-ure4-wfdf
8
vulnerability VCID-69es-qatu-uub2
9
vulnerability VCID-6dwr-t9kn-2yfn
10
vulnerability VCID-7vuu-yzmu-duew
11
vulnerability VCID-838e-pk6w-t3by
12
vulnerability VCID-85sn-frqr-wqc1
13
vulnerability VCID-87un-11ea-myhg
14
vulnerability VCID-92ug-3eae-tydc
15
vulnerability VCID-avxe-yhcq-wudx
16
vulnerability VCID-bgxc-8scn-z7e8
17
vulnerability VCID-bz4v-p82a-skgk
18
vulnerability VCID-c9g9-ufem-9bgr
19
vulnerability VCID-caau-2ury-hbbs
20
vulnerability VCID-e844-g11f-f7fd
21
vulnerability VCID-f998-369d-r3ds
22
vulnerability VCID-kxtk-ybzc-eyfj
23
vulnerability VCID-m8mt-ya9x-yqaq
24
vulnerability VCID-mssq-pkfp-fbhg
25
vulnerability VCID-mwem-kfpv-eqf2
26
vulnerability VCID-p285-6bu3-vuh5
27
vulnerability VCID-puuy-w6ze-9kc7
28
vulnerability VCID-pzsv-7fee-1ugu
29
vulnerability VCID-qr4y-643y-dqdz
30
vulnerability VCID-qupq-a4jw-bbhh
31
vulnerability VCID-qyqw-2gga-m3c6
32
vulnerability VCID-raam-5am9-hbef
33
vulnerability VCID-rfam-rzrr-abhb
34
vulnerability VCID-rgkw-1sqv-d7hx
35
vulnerability VCID-rrea-52kb-3qf1
36
vulnerability VCID-sam4-h21q-dkej
37
vulnerability VCID-stsb-pwen-87g7
38
vulnerability VCID-swer-ztd6-nkga
39
vulnerability VCID-teft-hqz3-7ubr
40
vulnerability VCID-tpt6-ze4u-a7dt
41
vulnerability VCID-ujms-hna1-z7e6
42
vulnerability VCID-v1t8-y73h-vyee
43
vulnerability VCID-vykx-t8yc-tycc
44
vulnerability VCID-x7cz-svaj-rkb5
45
vulnerability VCID-yytq-tcvz-43dq
46
vulnerability VCID-z51d-zdeq-suas
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-6%252Bsqueeze4
2
url pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie
3
url pkg:deb/debian/exim4@4.96-15%2Bdeb12u7?distro=trixie
purl pkg:deb/debian/exim4@4.96-15%2Bdeb12u7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u7%3Fdistro=trixie
4
url pkg:deb/debian/exim4@4.98.2-1?distro=trixie
purl pkg:deb/debian/exim4@4.98.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%3Fdistro=trixie
5
url pkg:deb/debian/exim4@4.99.1-1?distro=trixie
purl pkg:deb/debian/exim4@4.99.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.1-1%3Fdistro=trixie
6
url pkg:ebuild/mail-mta/exim@4.80.1
purl pkg:ebuild/mail-mta/exim@4.80.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-mta/exim@4.80.1
Affected_packages
0
url pkg:deb/debian/exim4@4.50-8sarge2
purl pkg:deb/debian/exim4@4.50-8sarge2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ev3-fe86-93e3
1
vulnerability VCID-1kpw-zhj4-jfaz
2
vulnerability VCID-1tqm-3s38-fqcn
3
vulnerability VCID-2qea-x4nk-zfba
4
vulnerability VCID-3z7r-efh2-tyf9
5
vulnerability VCID-55h7-dczu-rfhe
6
vulnerability VCID-56xq-sgry-2uhd
7
vulnerability VCID-5e2k-ure4-wfdf
8
vulnerability VCID-5vks-gjgj-euhp
9
vulnerability VCID-69es-qatu-uub2
10
vulnerability VCID-6dwr-t9kn-2yfn
11
vulnerability VCID-7vuu-yzmu-duew
12
vulnerability VCID-838e-pk6w-t3by
13
vulnerability VCID-85sn-frqr-wqc1
14
vulnerability VCID-879s-a42x-bqhu
15
vulnerability VCID-87un-11ea-myhg
16
vulnerability VCID-92ug-3eae-tydc
17
vulnerability VCID-avxe-yhcq-wudx
18
vulnerability VCID-bdkr-87xb-4yf8
19
vulnerability VCID-bgxc-8scn-z7e8
20
vulnerability VCID-bz4v-p82a-skgk
21
vulnerability VCID-c9g9-ufem-9bgr
22
vulnerability VCID-caau-2ury-hbbs
23
vulnerability VCID-e844-g11f-f7fd
24
vulnerability VCID-f998-369d-r3ds
25
vulnerability VCID-kxtk-ybzc-eyfj
26
vulnerability VCID-m8mt-ya9x-yqaq
27
vulnerability VCID-mssq-pkfp-fbhg
28
vulnerability VCID-mwem-kfpv-eqf2
29
vulnerability VCID-p285-6bu3-vuh5
30
vulnerability VCID-pdm2-w3dk-p7gd
31
vulnerability VCID-puuy-w6ze-9kc7
32
vulnerability VCID-pzsv-7fee-1ugu
33
vulnerability VCID-qr4y-643y-dqdz
34
vulnerability VCID-qupq-a4jw-bbhh
35
vulnerability VCID-qyqw-2gga-m3c6
36
vulnerability VCID-raam-5am9-hbef
37
vulnerability VCID-rfam-rzrr-abhb
38
vulnerability VCID-rgkw-1sqv-d7hx
39
vulnerability VCID-rrea-52kb-3qf1
40
vulnerability VCID-sam4-h21q-dkej
41
vulnerability VCID-stsb-pwen-87g7
42
vulnerability VCID-swer-ztd6-nkga
43
vulnerability VCID-teft-hqz3-7ubr
44
vulnerability VCID-tpt6-ze4u-a7dt
45
vulnerability VCID-ujms-hna1-z7e6
46
vulnerability VCID-v1t8-y73h-vyee
47
vulnerability VCID-vykx-t8yc-tycc
48
vulnerability VCID-x7cz-svaj-rkb5
49
vulnerability VCID-ynbw-8a6a-sug8
50
vulnerability VCID-yytq-tcvz-43dq
51
vulnerability VCID-z51d-zdeq-suas
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.50-8sarge2
1
url pkg:deb/debian/exim4@4.63-17
purl pkg:deb/debian/exim4@4.63-17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ev3-fe86-93e3
1
vulnerability VCID-1kpw-zhj4-jfaz
2
vulnerability VCID-1tqm-3s38-fqcn
3
vulnerability VCID-2qea-x4nk-zfba
4
vulnerability VCID-3z7r-efh2-tyf9
5
vulnerability VCID-55h7-dczu-rfhe
6
vulnerability VCID-56xq-sgry-2uhd
7
vulnerability VCID-5e2k-ure4-wfdf
8
vulnerability VCID-5vks-gjgj-euhp
9
vulnerability VCID-69es-qatu-uub2
10
vulnerability VCID-6dwr-t9kn-2yfn
11
vulnerability VCID-7vuu-yzmu-duew
12
vulnerability VCID-838e-pk6w-t3by
13
vulnerability VCID-85sn-frqr-wqc1
14
vulnerability VCID-879s-a42x-bqhu
15
vulnerability VCID-87un-11ea-myhg
16
vulnerability VCID-92ug-3eae-tydc
17
vulnerability VCID-avxe-yhcq-wudx
18
vulnerability VCID-bdkr-87xb-4yf8
19
vulnerability VCID-bgxc-8scn-z7e8
20
vulnerability VCID-bz4v-p82a-skgk
21
vulnerability VCID-c9g9-ufem-9bgr
22
vulnerability VCID-caau-2ury-hbbs
23
vulnerability VCID-e844-g11f-f7fd
24
vulnerability VCID-f998-369d-r3ds
25
vulnerability VCID-kxtk-ybzc-eyfj
26
vulnerability VCID-m8mt-ya9x-yqaq
27
vulnerability VCID-mssq-pkfp-fbhg
28
vulnerability VCID-mwem-kfpv-eqf2
29
vulnerability VCID-p285-6bu3-vuh5
30
vulnerability VCID-pdm2-w3dk-p7gd
31
vulnerability VCID-puuy-w6ze-9kc7
32
vulnerability VCID-pzsv-7fee-1ugu
33
vulnerability VCID-qr4y-643y-dqdz
34
vulnerability VCID-qupq-a4jw-bbhh
35
vulnerability VCID-qyqw-2gga-m3c6
36
vulnerability VCID-raam-5am9-hbef
37
vulnerability VCID-rfam-rzrr-abhb
38
vulnerability VCID-rgkw-1sqv-d7hx
39
vulnerability VCID-rrea-52kb-3qf1
40
vulnerability VCID-sam4-h21q-dkej
41
vulnerability VCID-stsb-pwen-87g7
42
vulnerability VCID-swer-ztd6-nkga
43
vulnerability VCID-teft-hqz3-7ubr
44
vulnerability VCID-tpt6-ze4u-a7dt
45
vulnerability VCID-ujms-hna1-z7e6
46
vulnerability VCID-v1t8-y73h-vyee
47
vulnerability VCID-vykx-t8yc-tycc
48
vulnerability VCID-x7cz-svaj-rkb5
49
vulnerability VCID-ynbw-8a6a-sug8
50
vulnerability VCID-yytq-tcvz-43dq
51
vulnerability VCID-z51d-zdeq-suas
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.63-17
2
url pkg:deb/debian/exim4@4.69-9%2Blenny4
purl pkg:deb/debian/exim4@4.69-9%2Blenny4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ev3-fe86-93e3
1
vulnerability VCID-1kpw-zhj4-jfaz
2
vulnerability VCID-1tqm-3s38-fqcn
3
vulnerability VCID-2qea-x4nk-zfba
4
vulnerability VCID-3z7r-efh2-tyf9
5
vulnerability VCID-55h7-dczu-rfhe
6
vulnerability VCID-56xq-sgry-2uhd
7
vulnerability VCID-5e2k-ure4-wfdf
8
vulnerability VCID-5vks-gjgj-euhp
9
vulnerability VCID-69es-qatu-uub2
10
vulnerability VCID-6dwr-t9kn-2yfn
11
vulnerability VCID-7vuu-yzmu-duew
12
vulnerability VCID-838e-pk6w-t3by
13
vulnerability VCID-85sn-frqr-wqc1
14
vulnerability VCID-879s-a42x-bqhu
15
vulnerability VCID-87un-11ea-myhg
16
vulnerability VCID-92ug-3eae-tydc
17
vulnerability VCID-avxe-yhcq-wudx
18
vulnerability VCID-bdkr-87xb-4yf8
19
vulnerability VCID-bgxc-8scn-z7e8
20
vulnerability VCID-bz4v-p82a-skgk
21
vulnerability VCID-c9g9-ufem-9bgr
22
vulnerability VCID-caau-2ury-hbbs
23
vulnerability VCID-e844-g11f-f7fd
24
vulnerability VCID-f998-369d-r3ds
25
vulnerability VCID-kxtk-ybzc-eyfj
26
vulnerability VCID-m8mt-ya9x-yqaq
27
vulnerability VCID-mssq-pkfp-fbhg
28
vulnerability VCID-mwem-kfpv-eqf2
29
vulnerability VCID-p285-6bu3-vuh5
30
vulnerability VCID-pdm2-w3dk-p7gd
31
vulnerability VCID-puuy-w6ze-9kc7
32
vulnerability VCID-pzsv-7fee-1ugu
33
vulnerability VCID-qr4y-643y-dqdz
34
vulnerability VCID-qupq-a4jw-bbhh
35
vulnerability VCID-qyqw-2gga-m3c6
36
vulnerability VCID-raam-5am9-hbef
37
vulnerability VCID-rfam-rzrr-abhb
38
vulnerability VCID-rgkw-1sqv-d7hx
39
vulnerability VCID-rrea-52kb-3qf1
40
vulnerability VCID-sam4-h21q-dkej
41
vulnerability VCID-stsb-pwen-87g7
42
vulnerability VCID-swer-ztd6-nkga
43
vulnerability VCID-teft-hqz3-7ubr
44
vulnerability VCID-tpt6-ze4u-a7dt
45
vulnerability VCID-ujms-hna1-z7e6
46
vulnerability VCID-v1t8-y73h-vyee
47
vulnerability VCID-vykx-t8yc-tycc
48
vulnerability VCID-x7cz-svaj-rkb5
49
vulnerability VCID-ynbw-8a6a-sug8
50
vulnerability VCID-yytq-tcvz-43dq
51
vulnerability VCID-z51d-zdeq-suas
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.69-9%252Blenny4
3
url pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_7?arch=1
purl pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_7?arch=1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ynbw-8a6a-sug8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_7%3Farch=1
4
url pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_8?arch=1
purl pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_8?arch=1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ynbw-8a6a-sug8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_8%3Farch=1
5
url pkg:rpm/redhat/exim@4.63-3.el5_3?arch=1
purl pkg:rpm/redhat/exim@4.63-3.el5_3?arch=1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ynbw-8a6a-sug8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.63-3.el5_3%3Farch=1
6
url pkg:rpm/redhat/exim@4.63-3.el5_4?arch=1
purl pkg:rpm/redhat/exim@4.63-3.el5_4?arch=1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ynbw-8a6a-sug8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.63-3.el5_4%3Farch=1
7
url pkg:rpm/redhat/exim@4.63-5.el5_5?arch=2
purl pkg:rpm/redhat/exim@4.63-5.el5_5?arch=2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ynbw-8a6a-sug8
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.63-5.el5_5%3Farch=2
References
0
reference_url ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
1
reference_url http://atmail.com/blog/2010/atmail-6204-now-available/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://atmail.com/blog/2010/atmail-6204-now-available/
2
reference_url http://bugs.exim.org/show_bug.cgi?id=787
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://bugs.exim.org/show_bug.cgi?id=787
3
reference_url http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
4
reference_url http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
6
reference_url http://openwall.com/lists/oss-security/2010/12/10/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://openwall.com/lists/oss-security/2010/12/10/1
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4344.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4344.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-4344
reference_id
reference_type
scores
0
value 0.53064
scoring_system epss
scoring_elements 0.97966
published_at 2026-04-21T12:55:00Z
1
value 0.61461
scoring_system epss
scoring_elements 0.98312
published_at 2026-04-01T12:55:00Z
2
value 0.61461
scoring_system epss
scoring_elements 0.98314
published_at 2026-04-02T12:55:00Z
3
value 0.61461
scoring_system epss
scoring_elements 0.98317
published_at 2026-04-04T12:55:00Z
4
value 0.61461
scoring_system epss
scoring_elements 0.98319
published_at 2026-04-07T12:55:00Z
5
value 0.61461
scoring_system epss
scoring_elements 0.98324
published_at 2026-04-08T12:55:00Z
6
value 0.61461
scoring_system epss
scoring_elements 0.98325
published_at 2026-04-09T12:55:00Z
7
value 0.61461
scoring_system epss
scoring_elements 0.98328
published_at 2026-04-13T12:55:00Z
8
value 0.61461
scoring_system epss
scoring_elements 0.98333
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-4344
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344
10
reference_url http://secunia.com/advisories/40019
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://secunia.com/advisories/40019
11
reference_url http://secunia.com/advisories/42576
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://secunia.com/advisories/42576
12
reference_url http://secunia.com/advisories/42586
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://secunia.com/advisories/42586
13
reference_url http://secunia.com/advisories/42587
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://secunia.com/advisories/42587
14
reference_url http://secunia.com/advisories/42589
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://secunia.com/advisories/42589
15
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4344
reference_id
reference_type
scores
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4344
16
reference_url http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
17
reference_url http://www.debian.org/security/2010/dsa-2131
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.debian.org/security/2010/dsa-2131
18
reference_url http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
19
reference_url http://www.kb.cert.org/vuls/id/682457
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.kb.cert.org/vuls/id/682457
20
reference_url http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
21
reference_url http://www.openwall.com/lists/oss-security/2021/05/04/7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.openwall.com/lists/oss-security/2021/05/04/7
22
reference_url http://www.osvdb.org/69685
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.osvdb.org/69685
23
reference_url http://www.redhat.com/support/errata/RHSA-2010-0970.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.redhat.com/support/errata/RHSA-2010-0970.html
24
reference_url http://www.securityfocus.com/archive/1/515172/100/0/threaded
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.securityfocus.com/archive/1/515172/100/0/threaded
25
reference_url http://www.securityfocus.com/bid/45308
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.securityfocus.com/bid/45308
26
reference_url http://www.securitytracker.com/id?1024858
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.securitytracker.com/id?1024858
27
reference_url http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
28
reference_url http://www.ubuntu.com/usn/USN-1032-1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.ubuntu.com/usn/USN-1032-1
29
reference_url http://www.vupen.com/english/advisories/2010/3171
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.vupen.com/english/advisories/2010/3171
30
reference_url http://www.vupen.com/english/advisories/2010/3172
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.vupen.com/english/advisories/2010/3172
31
reference_url http://www.vupen.com/english/advisories/2010/3181
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.vupen.com/english/advisories/2010/3181
32
reference_url http://www.vupen.com/english/advisories/2010/3186
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.vupen.com/english/advisories/2010/3186
33
reference_url http://www.vupen.com/english/advisories/2010/3204
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.vupen.com/english/advisories/2010/3204
34
reference_url http://www.vupen.com/english/advisories/2010/3246
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.vupen.com/english/advisories/2010/3246
35
reference_url http://www.vupen.com/english/advisories/2010/3317
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url http://www.vupen.com/english/advisories/2010/3317
36
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612
reference_id 606612
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612
37
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=661756
reference_id 661756
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=661756
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-4344
reference_id CVE-2010-4344
reference_type
scores
0
value 9.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:C/I:C/A:C
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2010-4344
47
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/15725.pl
reference_id CVE-2010-4344;OSVDB-69685
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/15725.pl
48
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16925.rb
reference_id CVE-2010-4345;CVE-2010-4344;OSVDB-69685
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16925.rb
49
reference_url https://security.gentoo.org/glsa/201401-32
reference_id GLSA-201401-32
reference_type
scores
url https://security.gentoo.org/glsa/201401-32
50
reference_url https://access.redhat.com/errata/RHSA-2010:0970
reference_id RHSA-2010:0970
reference_type
scores
url https://access.redhat.com/errata/RHSA-2010:0970
51
reference_url https://usn.ubuntu.com/1032-1/
reference_id USN-1032-1
reference_type
scores
url https://usn.ubuntu.com/1032-1/
Weaknesses
0
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
1
cwe_id 787
name Out-of-bounds Write
description The product writes data past the end, or before the beginning, of the intended buffer.
Exploits
0
date_added null
description
This module exploits a heap buffer overflow within versions of Exim prior to
          version 4.69. By sending a specially crafted message, an attacker can corrupt the
          heap and execute arbitrary code with the privileges of the Exim daemon.

          The root cause is that no check is made to ensure that the buffer is not full
          prior to handling '%s' format specifiers within the 'string_vformat' function.
          In order to trigger this issue, we get our message rejected by sending a message
          that is too large. This will call into log_write to log rejection headers (which
          is a default configuration setting). After filling the buffer, a long header
          string is sent. In a successful attempt, it overwrites the ACL for the 'MAIL
          FROM' command. By sending a second message, the string we sent will be evaluated
          with 'expand_string' and arbitrary shell commands can be executed.

          It is likely that this issue could also be exploited using other techniques such
          as targeting in-band heap management structures, or perhaps even function pointers
          stored in the heap. However, these techniques would likely be far more platform
          specific, more complicated, and less reliable.

          This bug was originally found and reported in December 2008, but was not
          properly handled as a security issue. Therefore, there was a 2 year lag time
          between when the issue was fixed and when it was discovered being exploited
          in the wild. At that point, the issue was assigned a CVE and began being
          addressed by downstream vendors.

          An additional vulnerability, CVE-2010-4345, was also used in the attack that
          led to the discovery of the danger of this bug. This bug allows a local user to
          gain root privileges from the Exim user account. If the Perl interpreter is
          found on the remote system, this module will automatically exploit the
          secondary bug as well to get root.
required_action null
due_date null
notes
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2010-12-07
exploit_type null
platform Unix
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/smtp/exim4_string_format.rb
1
date_added 2010-12-16
description Exim4 < 4.69 - string_format Function Heap Buffer Overflow (Metasploit)
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2010-12-16
exploit_type remote
platform linux
source_date_updated 2011-03-06
data_source Exploit-DB
source_url
2
date_added 2022-03-25
description Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.
required_action Apply updates per vendor instructions.
due_date 2022-04-15
notes https://nvd.nist.gov/vuln/detail/CVE-2010-4344
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform null
source_date_updated null
data_source KEV
source_url null
Severity_range_score 9.3 - 9.8
Exploitability 2.0
Weighted_severity 8.8
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ynbw-8a6a-sug8