{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","type":"deb","namespace":"debian","name":"exim4","version":"4.99.4-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46550?format=json","vulnerability_id":"VCID-11f7-csrn-8qca","summary":"Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39929.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-39929.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39929","reference_id":"","reference_type":"","scores":[{"value":"0.6031","scoring_system":"epss","scoring_elements":"0.98318","published_at":"2026-06-13T12:55:00Z"},{"value":"0.6031","scoring_system":"epss","scoring_elements":"0.98313","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39929"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075785","reference_id":"1075785","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1075785"},{"reference_url":"https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b","reference_id":"1b3209b0577a9327ebb076f3b32b8a159c253f7b","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/"}],"url":"https://git.exim.org/exim.git/commit/1b3209b0577a9327ebb076f3b32b8a159c253f7b"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295819","reference_id":"2295819","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2295819"},{"reference_url":"https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357","reference_id":"6ce5c70cff8989418e05d01fd2a57703007a6357","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/"}],"url":"https://git.exim.org/exim.git/commit/6ce5c70cff8989418e05d01fd2a57703007a6357"},{"reference_url":"https://github.com/Exim/exim/compare/exim-4.98-RC2...exim-4.98-RC3","reference_id":"exim-4.98-RC2...exim-4.98-RC3","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/"}],"url":"https://github.com/Exim/exim/compare/exim-4.98-RC2...exim-4.98-RC3"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc2231.txt","reference_id":"rfc2231.txt","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/"}],"url":"https://www.rfc-editor.org/rfc/rfc2231.txt"},{"reference_url":"https://bugs.exim.org/show_bug.cgi?id=3099#c4","reference_id":"show_bug.cgi?id=3099#c4","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T16:09:08Z/"}],"url":"https://bugs.exim.org/show_bug.cgi?id=3099#c4"},{"reference_url":"https://usn.ubuntu.com/6939-1/","reference_id":"USN-6939-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6939-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39532?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39533?format=json","purl":"pkg:deb/debian/exim4@4.98~RC3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98~RC3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2024-39929"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11f7-csrn-8qca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135528?format=json","vulnerability_id":"VCID-187h-k5te-7fay","summary":"Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account.\n. Was ZDI-CAN-17643.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42119.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42119.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42119","reference_id":"","reference_type":"","scores":[{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.73151","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.73228","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.73243","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42119","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42119"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241542","reference_id":"2241542","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241542"},{"reference_url":"https://security.gentoo.org/glsa/202402-18","reference_id":"GLSA-202402-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-18"},{"reference_url":"https://usn.ubuntu.com/6455-1/","reference_id":"USN-6455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6455-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1473/","reference_id":"ZDI-23-1473","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-05T16:29:47Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1473/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39498?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39521?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39523?format=json","purl":"pkg:deb/debian/exim4@4.97~RC2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97~RC2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2023-42119"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-187h-k5te-7fay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/161758?format=json","vulnerability_id":"VCID-1ez7-f2qd-e7b6","summary":"A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10149.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10149.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10149","reference_id":"","reference_type":"","scores":[{"value":"0.93918","scoring_system":"epss","scoring_elements":"0.99887","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10149","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10149"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/06/1","reference_id":"1","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/06/06/1"},{"reference_url":"http://www.securityfocus.com/bid/108679","reference_id":"108679","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.securityfocus.com/bid/108679"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jun/16","reference_id":"16","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://seclists.org/fulldisclosure/2019/Jun/16"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1715237","reference_id":"1715237","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1715237"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/05/2","reference_id":"2","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/06/05/2"},{"reference_url":"https://security.gentoo.org/glsa/201906-01","reference_id":"201906-01","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://security.gentoo.org/glsa/201906-01"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/05/3","reference_id":"3","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/06/05/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/05/4","reference_id":"4","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/06/05/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/07/26/4","reference_id":"4","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/07/26/4"},{"reference_url":"https://usn.ubuntu.com/4010-1/","reference_id":"4010-1","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://usn.ubuntu.com/4010-1/"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/5","reference_id":"5","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://seclists.org/bugtraq/2019/Jun/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/07/25/6","reference_id":"6","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/07/25/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/07/25/7","reference_id":"7","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/07/25/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/04/7","reference_id":"7","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/05/04/7"},{"reference_url":"https://security.archlinux.org/AVG-982","reference_id":"AVG-982","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-982"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46996.sh","reference_id":"CVE-2019-10149","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46996.sh"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/47307.rb","reference_id":"CVE-2019-10149","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/47307.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46974.txt","reference_id":"CVE-2019-10149","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46974.txt"},{"reference_url":"https://lwn.net/Articles/790553/","reference_id":"CVE-2019-10149","reference_type":"exploit","scores":[],"url":"https://lwn.net/Articles/790553/"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb","reference_id":"CVE-2019-10149","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb"},{"reference_url":"https://www.exim.org/static/doc/security/CVE-2019-10149.txt","reference_id":"CVE-2019-10149.txt","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://www.exim.org/static/doc/security/CVE-2019-10149.txt"},{"reference_url":"https://www.debian.org/security/2019/dsa-4456","reference_id":"dsa-4456","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://www.debian.org/security/2019/dsa-4456"},{"reference_url":"http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html","reference_id":"Exim-4.91-Local-Privilege-Escalation.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html"},{"reference_url":"http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html","reference_id":"Exim-4.91-Local-Privilege-Escalation.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html"},{"reference_url":"http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html","reference_id":"Exim-4.9.1-Remote-Command-Execution.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html","reference_id":"msg00020.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149","reference_id":"show_bug.cgi?id=CVE-2019-10149","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39462?format=json","purl":"pkg:deb/debian/exim4@4.92~RC3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.92~RC3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2019-10149"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ez7-f2qd-e7b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135468?format=json","vulnerability_id":"VCID-1ftq-tne2-1bc1","summary":"Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this vulnerability to disclose information in the context of the service account.\n. Was ZDI-CAN-17433.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42114.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42114.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42114","reference_id":"","reference_type":"","scores":[{"value":"0.13895","scoring_system":"epss","scoring_elements":"0.94474","published_at":"2026-06-11T12:55:00Z"},{"value":"0.13895","scoring_system":"epss","scoring_elements":"0.94493","published_at":"2026-06-12T12:55:00Z"},{"value":"0.13895","scoring_system":"epss","scoring_elements":"0.94499","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241538","reference_id":"2241538","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241538"},{"reference_url":"https://security.gentoo.org/glsa/202402-18","reference_id":"GLSA-202402-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-18"},{"reference_url":"https://usn.ubuntu.com/6411-1/","reference_id":"USN-6411-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6411-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1468/","reference_id":"ZDI-23-1468","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-03T17:07:34Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1468/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39511?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39510?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39513?format=json","purl":"pkg:deb/debian/exim4@4.97~RC1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97~RC1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2023-42114"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ftq-tne2-1bc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179654?format=json","vulnerability_id":"VCID-1k38-97z2-cfcb","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28026","reference_id":"","reference_type":"","scores":[{"value":"0.0426","scoring_system":"epss","scoring_elements":"0.8906","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0426","scoring_system":"epss","scoring_elements":"0.89098","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0426","scoring_system":"epss","scoring_elements":"0.89106","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28026"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1k38-97z2-cfcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179652?format=json","vulnerability_id":"VCID-1r5f-rbf8-xygu","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28024","reference_id":"","reference_type":"","scores":[{"value":"0.05505","scoring_system":"epss","scoring_elements":"0.90438","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05505","scoring_system":"epss","scoring_elements":"0.90469","published_at":"2026-06-12T12:55:00Z"},{"value":"0.05505","scoring_system":"epss","scoring_elements":"0.90477","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28024"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1r5f-rbf8-xygu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/159608?format=json","vulnerability_id":"VCID-2sqq-jsr5-n3aw","summary":"An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6789.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6789.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6789","reference_id":"","reference_type":"","scores":[{"value":"0.86592","scoring_system":"epss","scoring_elements":"0.99439","published_at":"2026-06-11T12:55:00Z"},{"value":"0.86592","scoring_system":"epss","scoring_elements":"0.9944","published_at":"2026-06-12T12:55:00Z"},{"value":"0.86592","scoring_system":"epss","scoring_elements":"0.99441","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6789"},{"reference_url":"http://www.securityfocus.com/bid/103049","reference_id":"103049","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"http://www.securityfocus.com/bid/103049"},{"reference_url":"http://www.securitytracker.com/id/1040461","reference_id":"1040461","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"http://www.securitytracker.com/id/1040461"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1543268","reference_id":"1543268","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1543268"},{"reference_url":"http://openwall.com/lists/oss-security/2018/02/10/2","reference_id":"2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"http://openwall.com/lists/oss-security/2018/02/10/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2018/02/07/2","reference_id":"2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"http://www.openwall.com/lists/oss-security/2018/02/07/2"},{"reference_url":"https://usn.ubuntu.com/3565-1/","reference_id":"3565-1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"https://usn.ubuntu.com/3565-1/"},{"reference_url":"https://www.exploit-db.com/exploits/44571/","reference_id":"44571","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"https://www.exploit-db.com/exploits/44571/"},{"reference_url":"https://www.exploit-db.com/exploits/45671/","reference_id":"45671","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"https://www.exploit-db.com/exploits/45671/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890000","reference_id":"890000","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890000"},{"reference_url":"https://security.archlinux.org/ASA-201802-6","reference_id":"ASA-201802-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201802-6"},{"reference_url":"https://security.archlinux.org/AVG-608","reference_id":"AVG-608","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-608"},{"reference_url":"https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1","reference_id":"cf3cd306062a08969c41a1cdd32c6855f1abecf1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"https://git.exim.org/exim.git/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/44571.py","reference_id":"CVE-2018-6789","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/44571.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45671.py","reference_id":"CVE-2018-6789","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45671.py"},{"reference_url":"https://medium.com/@straightblast426/my-poc-walk-through-for-cve-2018-6789-2e402e4ff588","reference_id":"CVE-2018-6789","reference_type":"exploit","scores":[],"url":"https://medium.com/@straightblast426/my-poc-walk-through-for-cve-2018-6789-2e402e4ff588"},{"reference_url":"https://exim.org/static/doc/security/CVE-2018-6789.txt","reference_id":"CVE-2018-6789.txt","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"https://exim.org/static/doc/security/CVE-2018-6789.txt"},{"reference_url":"https://www.debian.org/security/2018/dsa-4110","reference_id":"dsa-4110","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"https://www.debian.org/security/2018/dsa-4110"},{"reference_url":"http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html","reference_id":"Exim-base64d-Buffer-Overflow.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"http://packetstormsecurity.com/files/162959/Exim-base64d-Buffer-Overflow.html"},{"reference_url":"https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/","reference_id":"exim-off-by-one-RCE-exploiting-CVE-2018-6789-en","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/"},{"reference_url":"https://security.gentoo.org/glsa/201803-01","reference_id":"GLSA-201803-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-01"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html","reference_id":"msg00009.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T14:03:40Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00009.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39459?format=json","purl":"pkg:deb/debian/exim4@4.90.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.90.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2018-6789"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2sqq-jsr5-n3aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179647?format=json","vulnerability_id":"VCID-34uj-w2cc-m3ab","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28019","reference_id":"","reference_type":"","scores":[{"value":"0.01574","scoring_system":"epss","scoring_elements":"0.81961","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01574","scoring_system":"epss","scoring_elements":"0.82021","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01574","scoring_system":"epss","scoring_elements":"0.8203","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28019"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-34uj-w2cc-m3ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174583?format=json","vulnerability_id":"VCID-42eh-c97t-2beg","summary":"A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3559","reference_id":"","reference_type":"","scores":[{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64995","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64983","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64882","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3559"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3559","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3559"},{"reference_url":"https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2","reference_id":"4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/"}],"url":"https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/","reference_id":"EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/"},{"reference_url":"https://vuldb.com/?id.211073","reference_id":"?id.211073","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/"}],"url":"https://vuldb.com/?id.211073"},{"reference_url":"https://bugs.exim.org/show_bug.cgi?id=2915","reference_id":"show_bug.cgi?id=2915","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/"}],"url":"https://bugs.exim.org/show_bug.cgi?id=2915"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/","reference_id":"TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMQ6OCKPNPBPSD37YR4FOWV2R54M2UEP/"},{"reference_url":"https://usn.ubuntu.com/5741-1/","reference_id":"USN-5741-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5741-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/","reference_id":"WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:41Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFHLZVHNNO2GWYP5EA4TZQZ5O4GVPARR/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39498?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39499?format=json","purl":"pkg:deb/debian/exim4@4.96-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2022-3559"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42eh-c97t-2beg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181550?format=json","vulnerability_id":"VCID-4469-xgah-yyag","summary":"Multiple vulnerabilities were found in Exim, the worst of which\n    leading to remote execution of arbitrary code with root privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1407.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1407","reference_id":"","reference_type":"","scores":[{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68552","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68642","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00554","scoring_system":"epss","scoring_elements":"0.68655","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1407"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=705446","reference_id":"705446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=705446"},{"reference_url":"https://security.gentoo.org/glsa/201401-32","reference_id":"GLSA-201401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-32"},{"reference_url":"https://usn.ubuntu.com/1135-1/","reference_id":"USN-1135-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1135-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39433?format=json","purl":"pkg:deb/debian/exim4@4.76-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.76-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1407"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4469-xgah-yyag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29332?format=json","vulnerability_id":"VCID-51c2-u6by-mbez","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45185","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28552","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28748","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00117","scoring_system":"epss","scoring_elements":"0.30352","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45185"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45185","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45185"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/05/12/4","reference_id":"4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/05/12/4"},{"reference_url":"https://exim.org/static/doc/security/CVE-2026-45185.txt","reference_id":"CVE-2026-45185.txt","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/"}],"url":"https://exim.org/static/doc/security/CVE-2026-45185.txt"},{"reference_url":"https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim","reference_id":"dead-letter-cve-2026-45185-xbow-found-rce-exim","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/"}],"url":"https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim"},{"reference_url":"https://exim.org","reference_id":"exim.org","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/"}],"url":"https://exim.org"},{"reference_url":"https://code.exim.org/exim/wiki/wiki/EximSecurity","reference_id":"EximSecurity","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/"}],"url":"https://code.exim.org/exim/wiki/wiki/EximSecurity"},{"reference_url":"https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/","reference_id":"EXIM-Security-2026-05-01.1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/"}],"url":"https://exim.org/static/doc/security/EXIM-Security-2026-05-01.1/"},{"reference_url":"https://news.ycombinator.com/item?id=48111748","reference_id":"item?id=48111748","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-13T13:31:28Z/"}],"url":"https://news.ycombinator.com/item?id=48111748"},{"reference_url":"https://usn.ubuntu.com/8382-1/","reference_id":"USN-8382-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8382-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39552?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39553?format=json","purl":"pkg:deb/debian/exim4@4.99.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2026-45185"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51c2-u6by-mbez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199935?format=json","vulnerability_id":"VCID-5cbh-nmrw-hkc6","summary":"Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0022.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0022.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0022","reference_id":"","reference_type":"","scores":[{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81214","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81274","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01451","scoring_system":"epss","scoring_elements":"0.81282","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0022"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617440","reference_id":"1617440","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:025","reference_id":"RHSA-2005:025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:025"},{"reference_url":"https://usn.ubuntu.com/56-1/","reference_id":"USN-56-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/56-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39424?format=json","purl":"pkg:deb/debian/exim4@4.34-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.34-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2005-0022"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cbh-nmrw-hkc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167566?format=json","vulnerability_id":"VCID-5cjt-vwuv-83d5","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16944.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16944.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16944","reference_id":"","reference_type":"","scores":[{"value":"0.77909","scoring_system":"epss","scoring_elements":"0.99027","published_at":"2026-06-11T12:55:00Z"},{"value":"0.77909","scoring_system":"epss","scoring_elements":"0.99031","published_at":"2026-06-12T12:55:00Z"},{"value":"0.77909","scoring_system":"epss","scoring_elements":"0.99032","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16944"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16943","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16944","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16944"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517684","reference_id":"1517684","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517684"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882671","reference_id":"882671","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882671"},{"reference_url":"https://security.archlinux.org/ASA-201711-32","reference_id":"ASA-201711-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-32"},{"reference_url":"https://security.archlinux.org/AVG-518","reference_id":"AVG-518","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-518"},{"reference_url":"https://bugs.exim.org/show_bug.cgi?id=2201","reference_id":"CVE-2017-16944","reference_type":"exploit","scores":[],"url":"https://bugs.exim.org/show_bug.cgi?id=2201"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43184.txt","reference_id":"CVE-2017-16944","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43184.txt"},{"reference_url":"https://security.gentoo.org/glsa/201803-01","reference_id":"GLSA-201803-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-01"},{"reference_url":"https://usn.ubuntu.com/3499-1/","reference_id":"USN-3499-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3499-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39454?format=json","purl":"pkg:deb/debian/exim4@4.89-13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.89-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2017-16944"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cjt-vwuv-83d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179640?format=json","vulnerability_id":"VCID-5jkn-xb3v-v3bx","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28012","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14599","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1472","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14718","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28012"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jkn-xb3v-v3bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179649?format=json","vulnerability_id":"VCID-5r88-hqsh-u7an","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28021","reference_id":"","reference_type":"","scores":[{"value":"0.05711","scoring_system":"epss","scoring_elements":"0.90625","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05711","scoring_system":"epss","scoring_elements":"0.90655","published_at":"2026-06-12T12:55:00Z"},{"value":"0.05711","scoring_system":"epss","scoring_elements":"0.90662","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28021"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5r88-hqsh-u7an"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177571?format=json","vulnerability_id":"VCID-6524-t862-fyb2","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13917.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13917.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13917","reference_id":"","reference_type":"","scores":[{"value":"0.16396","scoring_system":"epss","scoring_elements":"0.95021","published_at":"2026-06-11T12:55:00Z"},{"value":"0.16396","scoring_system":"epss","scoring_elements":"0.95037","published_at":"2026-06-12T12:55:00Z"},{"value":"0.16396","scoring_system":"epss","scoring_elements":"0.95038","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13917"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1731412","reference_id":"1731412","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1731412"},{"reference_url":"https://security.archlinux.org/ASA-201908-4","reference_id":"ASA-201908-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-4"},{"reference_url":"https://security.archlinux.org/AVG-1011","reference_id":"AVG-1011","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1011"},{"reference_url":"https://security.gentoo.org/glsa/201909-06","reference_id":"GLSA-201909-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-06"},{"reference_url":"https://usn.ubuntu.com/4075-1/","reference_id":"USN-4075-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4075-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39463?format=json","purl":"pkg:deb/debian/exim4@4.92-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.92-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2019-13917"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6524-t862-fyb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181549?format=json","vulnerability_id":"VCID-6d2j-wzcd-4uhq","summary":"Multiple vulnerabilities were found in Exim, the worst of which\n    leading to remote execution of arbitrary code with root privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0017.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0017","reference_id":"","reference_type":"","scores":[{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30295","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.3049","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00118","scoring_system":"epss","scoring_elements":"0.30509","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0017"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=670945","reference_id":"670945","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=670945"},{"reference_url":"https://security.gentoo.org/glsa/201401-32","reference_id":"GLSA-201401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-32"},{"reference_url":"https://usn.ubuntu.com/1060-1/","reference_id":"USN-1060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1060-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39432?format=json","purl":"pkg:deb/debian/exim4@4.72-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2011-0017"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6d2j-wzcd-4uhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179635?format=json","vulnerability_id":"VCID-6hdx-tast-3bcj","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28007","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24577","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24775","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24787","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28007"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hdx-tast-3bcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183644?format=json","vulnerability_id":"VCID-7h36-f76r-zffz","summary":"Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51766","reference_id":"","reference_type":"","scores":[{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.82369","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.82431","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01642","scoring_system":"epss","scoring_elements":"0.8244","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-51766"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51766","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51766"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059387","reference_id":"1059387","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059387"},{"reference_url":"https://security.gentoo.org/glsa/202402-18","reference_id":"GLSA-202402-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-18"},{"reference_url":"https://usn.ubuntu.com/6611-1/","reference_id":"USN-6611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6611-1/"},{"reference_url":"https://usn.ubuntu.com/8382-1/","reference_id":"USN-8382-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8382-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39530?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39529?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39531?format=json","purl":"pkg:deb/debian/exim4@4.97-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2023-51766"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7h36-f76r-zffz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179644?format=json","vulnerability_id":"VCID-8yfd-x9td-z7d4","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28016","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.14982","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15104","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15102","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28016"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28016","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28016"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28016"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8yfd-x9td-z7d4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84010?format=json","vulnerability_id":"VCID-93x9-7cp1-s3d3","summary":"In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \\ skipping.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40685","reference_id":"","reference_type":"","scores":[{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31794","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31775","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00127","scoring_system":"epss","scoring_elements":"0.31588","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40685"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/04/30/21","reference_id":"21","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/04/30/21"},{"reference_url":"https://code.exim.org/exim/exim/commit/9fdc057e71b87c87a0d3d2288b2810a0efaaba57","reference_id":"9fdc057e71b87c87a0d3d2288b2810a0efaaba57","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/"}],"url":"https://code.exim.org/exim/exim/commit/9fdc057e71b87c87a0d3d2288b2810a0efaaba57"},{"reference_url":"https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40685.assessment","reference_id":"CVE2026-40685.assessment","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/"}],"url":"https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40685.assessment"},{"reference_url":"https://exim.org/static/doc/security/CVE-2026-40685.txt","reference_id":"CVE-2026-40685.txt","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:26:30Z/"}],"url":"https://exim.org/static/doc/security/CVE-2026-40685.txt"},{"reference_url":"https://usn.ubuntu.com/8228-1/","reference_id":"USN-8228-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8228-1/"},{"reference_url":"https://usn.ubuntu.com/8382-1/","reference_id":"USN-8382-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8382-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39543?format=json","purl":"pkg:deb/debian/exim4@4.99.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2026-40685"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93x9-7cp1-s3d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181551?format=json","vulnerability_id":"VCID-9v54-e15r-uqdy","summary":"Multiple vulnerabilities were found in Exim, the worst of which\n    leading to remote execution of arbitrary code with root privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1764.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1764","reference_id":"","reference_type":"","scores":[{"value":"0.04718","scoring_system":"epss","scoring_elements":"0.89617","published_at":"2026-06-11T12:55:00Z"},{"value":"0.04718","scoring_system":"epss","scoring_elements":"0.89652","published_at":"2026-06-12T12:55:00Z"},{"value":"0.04718","scoring_system":"epss","scoring_elements":"0.89659","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1764"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670","reference_id":"624670","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=702474","reference_id":"702474","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=702474"},{"reference_url":"https://security.gentoo.org/glsa/201401-32","reference_id":"GLSA-201401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-32"},{"reference_url":"https://usn.ubuntu.com/1130-1/","reference_id":"USN-1130-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1130-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39435?format=json","purl":"pkg:deb/debian/exim4@4.75-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.75-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2011-1764"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9v54-e15r-uqdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199934?format=json","vulnerability_id":"VCID-ba64-2f17-57g5","summary":"Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0021.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0021.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0021","reference_id":"","reference_type":"","scores":[{"value":"0.02817","scoring_system":"epss","scoring_elements":"0.86467","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02817","scoring_system":"epss","scoring_elements":"0.86517","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02817","scoring_system":"epss","scoring_elements":"0.86527","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-0021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0021"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617439","reference_id":"1617439","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617439"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/1009.c","reference_id":"OSVDB-12946;CVE-2005-0021","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/1009.c"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/756.c","reference_id":"OSVDB-12946;CVE-2005-0021","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/756.c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:025","reference_id":"RHSA-2005:025","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:025"},{"reference_url":"https://usn.ubuntu.com/56-1/","reference_id":"USN-56-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/56-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39424?format=json","purl":"pkg:deb/debian/exim4@4.34-10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.34-10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2005-0021"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ba64-2f17-57g5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87302?format=json","vulnerability_id":"VCID-bbpw-c7nq-1kgx","summary":"Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4345.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4345.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4345","reference_id":"","reference_type":"","scores":[{"value":"0.06508","scoring_system":"epss","scoring_elements":"0.91346","published_at":"2026-06-12T12:55:00Z"},{"value":"0.06508","scoring_system":"epss","scoring_elements":"0.91315","published_at":"2026-06-11T12:55:00Z"},{"value":"0.06508","scoring_system":"epss","scoring_elements":"0.91353","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4345"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0135","reference_id":"0135","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.vupen.com/english/advisories/2011/0135"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0245","reference_id":"0245","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.vupen.com/english/advisories/2011/0245"},{"reference_url":"http://www.vupen.com/english/advisories/2011/0364","reference_id":"0364","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.vupen.com/english/advisories/2011/0364"},{"reference_url":"http://openwall.com/lists/oss-security/2010/12/10/1","reference_id":"1","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://openwall.com/lists/oss-security/2010/12/10/1"},{"reference_url":"http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html","reference_id":"20101207.215955.bb32d4f2.en.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"},{"reference_url":"http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html","reference_id":"20101209.172233.abcba158.en.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html"},{"reference_url":"http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html","reference_id":"20101210.164935.385e04d0.en.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3171","reference_id":"3171","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3171"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3204","reference_id":"3204","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3204"},{"reference_url":"http://secunia.com/advisories/42576","reference_id":"42576","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://secunia.com/advisories/42576"},{"reference_url":"http://secunia.com/advisories/42930","reference_id":"42930","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://secunia.com/advisories/42930"},{"reference_url":"http://secunia.com/advisories/43128","reference_id":"43128","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://secunia.com/advisories/43128"},{"reference_url":"http://secunia.com/advisories/43243","reference_id":"43243","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://secunia.com/advisories/43243"},{"reference_url":"http://www.securityfocus.com/bid/45341","reference_id":"45341","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.securityfocus.com/bid/45341"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606527","reference_id":"606527","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606527"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/04/7","reference_id":"7","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/05/04/7"},{"reference_url":"http://www.kb.cert.org/vuls/id/758489","reference_id":"758489","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.kb.cert.org/vuls/id/758489"},{"reference_url":"http://www.cpanel.net/2010/12/critical-exim-security-update.html","reference_id":"critical-exim-security-update.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.cpanel.net/2010/12/critical-exim-security-update.html"},{"reference_url":"http://www.debian.org/security/2010/dsa-2131","reference_id":"dsa-2131","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.debian.org/security/2010/dsa-2131"},{"reference_url":"http://www.debian.org/security/2011/dsa-2154","reference_id":"dsa-2154","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.debian.org/security/2011/dsa-2154"},{"reference_url":"http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format","reference_id":"exim4_string_format","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"},{"reference_url":"http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/","reference_id":"exim_code_execution_peril","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"},{"reference_url":"https://security.gentoo.org/glsa/201401-32","reference_id":"GLSA-201401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-32"},{"reference_url":"http://www.securitytracker.com/id?1024859","reference_id":"id?1024859","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.securitytracker.com/id?1024859"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html","reference_id":"msg00003.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0153","reference_id":"RHSA-2011:0153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0153"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0153.html","reference_id":"RHSA-2011-0153.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2011-0153.html"},{"reference_url":"http://bugs.exim.org/show_bug.cgi?id=1044","reference_id":"show_bug.cgi?id=1044","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://bugs.exim.org/show_bug.cgi?id=1044"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=662012","reference_id":"show_bug.cgi?id=662012","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=662012"},{"reference_url":"http://www.securityfocus.com/archive/1/515172/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.securityfocus.com/archive/1/515172/100/0/threaded"},{"reference_url":"https://usn.ubuntu.com/1060-1/","reference_id":"USN-1060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1060-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-1060-1","reference_id":"USN-1060-1","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:24:14Z/"}],"url":"http://www.ubuntu.com/usn/USN-1060-1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39430?format=json","purl":"pkg:deb/debian/exim4@4.72-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2010-4345"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbpw-c7nq-1kgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209367?format=json","vulnerability_id":"VCID-bucn-akc7-zufn","summary":"Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37452","reference_id":"","reference_type":"","scores":[{"value":"0.04696","scoring_system":"epss","scoring_elements":"0.89592","published_at":"2026-06-11T12:55:00Z"},{"value":"0.04696","scoring_system":"epss","scoring_elements":"0.89626","published_at":"2026-06-12T12:55:00Z"},{"value":"0.04696","scoring_system":"epss","scoring_elements":"0.89633","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37452"},{"reference_url":"https://usn.ubuntu.com/5574-1/","reference_id":"USN-5574-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5574-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39507?format=json","purl":"pkg:deb/debian/exim4@4.94.2-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2022-37452"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bucn-akc7-zufn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179643?format=json","vulnerability_id":"VCID-cz3r-5pdr-73b8","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28015","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12753","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12849","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12859","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28015"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cz3r-5pdr-73b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135236?format=json","vulnerability_id":"VCID-czkm-mkwx-wbcm","summary":"Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of NTLM challenge requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.\n. Was ZDI-CAN-17515.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42116.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42116","reference_id":"","reference_type":"","scores":[{"value":"0.06734","scoring_system":"epss","scoring_elements":"0.91485","published_at":"2026-06-11T12:55:00Z"},{"value":"0.06734","scoring_system":"epss","scoring_elements":"0.91515","published_at":"2026-06-12T12:55:00Z"},{"value":"0.06734","scoring_system":"epss","scoring_elements":"0.91523","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42116"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241528","reference_id":"2241528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241528"},{"reference_url":"https://security.gentoo.org/glsa/202402-18","reference_id":"GLSA-202402-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-18"},{"reference_url":"https://usn.ubuntu.com/6411-1/","reference_id":"USN-6411-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6411-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1470/","reference_id":"ZDI-23-1470","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-05T15:02:42Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1470/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39511?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39510?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39513?format=json","purl":"pkg:deb/debian/exim4@4.97~RC1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97~RC1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2023-42116"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-czkm-mkwx-wbcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212608?format=json","vulnerability_id":"VCID-d4d7-w25w-qyc3","summary":"Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37451.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37451.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37451","reference_id":"","reference_type":"","scores":[{"value":"0.19257","scoring_system":"epss","scoring_elements":"0.95509","published_at":"2026-06-11T12:55:00Z"},{"value":"0.19257","scoring_system":"epss","scoring_elements":"0.95523","published_at":"2026-06-12T12:55:00Z"},{"value":"0.19257","scoring_system":"epss","scoring_elements":"0.95526","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119782","reference_id":"2119782","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2119782"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39501?format=json","purl":"pkg:deb/debian/exim4@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39504?format=json","purl":"pkg:deb/debian/exim4@4.95-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.95-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2022-37451"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d4d7-w25w-qyc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179638?format=json","vulnerability_id":"VCID-dadd-du72-akag","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28010","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12176","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12269","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12275","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28010"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dadd-du72-akag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179651?format=json","vulnerability_id":"VCID-dnj5-vua8-kkhc","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28023","reference_id":"","reference_type":"","scores":[{"value":"0.0298","scoring_system":"epss","scoring_elements":"0.86827","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0298","scoring_system":"epss","scoring_elements":"0.86875","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0298","scoring_system":"epss","scoring_elements":"0.86885","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28023"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnj5-vua8-kkhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179655?format=json","vulnerability_id":"VCID-dx4n-k186-u3dj","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27216","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18253","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18416","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18437","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27216"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27216"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2021-27216"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dx4n-k186-u3dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199433?format=json","vulnerability_id":"VCID-esn3-rb5p-qqeb","summary":"Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1381","reference_id":"","reference_type":"","scores":[{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.86989","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.87035","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03052","scoring_system":"epss","scoring_elements":"0.87044","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1381"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/22066.c","reference_id":"CVE-2002-1381;OSVDB-10360","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/22066.c"},{"reference_url":"https://www.securityfocus.com/bid/6314/info","reference_id":"CVE-2002-1381;OSVDB-10360","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/6314/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39412?format=json","purl":"pkg:deb/debian/exim4@4.11-0.0.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.11-0.0.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2002-1381"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-esn3-rb5p-qqeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/927?format=json","vulnerability_id":"VCID-ey67-sd6b-h7cw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1531.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1531.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1531","reference_id":"","reference_type":"","scores":[{"value":"0.5677","scoring_system":"epss","scoring_elements":"0.98172","published_at":"2026-06-11T12:55:00Z"},{"value":"0.5677","scoring_system":"epss","scoring_elements":"0.98179","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1531"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:C/I:C/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1314293","reference_id":"1314293","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1314293"},{"reference_url":"http://legalhackers.com/advisories/Exim-Local-Root-Privilege-Escalation.txt","reference_id":"CVE-2016-1531","reference_type":"exploit","scores":[],"url":"http://legalhackers.com/advisories/Exim-Local-Root-Privilege-Escalation.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39535.sh","reference_id":"CVE-2016-1531","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39535.sh"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39549.txt","reference_id":"CVE-2016-1531","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39549.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39702.rb","reference_id":"CVE-2016-1531","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/39702.rb"},{"reference_url":"https://usn.ubuntu.com/2933-1/","reference_id":"USN-2933-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2933-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39445?format=json","purl":"pkg:deb/debian/exim4@4.86.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.86.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2016-1531"],"risk_score":6.8,"exploitability":"2.0","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ey67-sd6b-h7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181552?format=json","vulnerability_id":"VCID-h4h9-unyc-nkdn","summary":"Multiple vulnerabilities were found in Exim, the worst of which\n    leading to remote execution of arbitrary code with root privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5671.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5671.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5671","reference_id":"","reference_type":"","scores":[{"value":"0.31639","scoring_system":"epss","scoring_elements":"0.96909","published_at":"2026-06-11T12:55:00Z"},{"value":"0.31639","scoring_system":"epss","scoring_elements":"0.9692","published_at":"2026-06-12T12:55:00Z"},{"value":"0.31639","scoring_system":"epss","scoring_elements":"0.96923","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5671"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=869953","reference_id":"869953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=869953"},{"reference_url":"https://security.gentoo.org/glsa/201401-32","reference_id":"GLSA-201401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-32"},{"reference_url":"https://usn.ubuntu.com/1618-1/","reference_id":"USN-1618-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1618-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39438?format=json","purl":"pkg:deb/debian/exim4@4.80-5.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.80-5.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2012-5671"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4h9-unyc-nkdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181547?format=json","vulnerability_id":"VCID-heh9-cqhh-zbbf","summary":"Multiple vulnerabilities were found in Exim, the worst of which\n    leading to remote execution of arbitrary code with root privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2023.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2023","reference_id":"","reference_type":"","scores":[{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.45973","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46117","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0023","scoring_system":"epss","scoring_elements":"0.46124","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2023"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=600093","reference_id":"600093","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=600093"},{"reference_url":"https://security.gentoo.org/glsa/201401-32","reference_id":"GLSA-201401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-32"},{"reference_url":"https://usn.ubuntu.com/1060-1/","reference_id":"USN-1060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1060-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39427?format=json","purl":"pkg:deb/debian/exim4@4.72-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2010-2023"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-heh9-cqhh-zbbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84077?format=json","vulnerability_id":"VCID-hhte-snaq-ruh5","summary":"In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40686","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28788","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28765","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28569","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40686"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/04/30/21","reference_id":"21","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/04/30/21"},{"reference_url":"https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40686.assessment","reference_id":"CVE2026-40686.assessment","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/"}],"url":"https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40686.assessment"},{"reference_url":"https://exim.org/static/doc/security/CVE-2026-40686.txt","reference_id":"CVE-2026-40686.txt","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/"}],"url":"https://exim.org/static/doc/security/CVE-2026-40686.txt"},{"reference_url":"https://code.exim.org/exim/exim/commit/f2570bde16fb4d4a1242ff363a4c4eecf6372efc","reference_id":"f2570bde16fb4d4a1242ff363a4c4eecf6372efc","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:27:01Z/"}],"url":"https://code.exim.org/exim/exim/commit/f2570bde16fb4d4a1242ff363a4c4eecf6372efc"},{"reference_url":"https://usn.ubuntu.com/8228-1/","reference_id":"USN-8228-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8228-1/"},{"reference_url":"https://usn.ubuntu.com/8382-1/","reference_id":"USN-8382-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8382-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39543?format=json","purl":"pkg:deb/debian/exim4@4.99.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2026-40686"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hhte-snaq-ruh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179650?format=json","vulnerability_id":"VCID-jm4e-4b7y-jygk","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28022","reference_id":"","reference_type":"","scores":[{"value":"0.02607","scoring_system":"epss","scoring_elements":"0.85963","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02607","scoring_system":"epss","scoring_elements":"0.86012","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02607","scoring_system":"epss","scoring_elements":"0.86022","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28022"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jm4e-4b7y-jygk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179637?format=json","vulnerability_id":"VCID-kbwf-7g2r-8yfp","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28009","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2243","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22626","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2264","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28009"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbwf-7g2r-8yfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/102090?format=json","vulnerability_id":"VCID-knvr-uzut-wkhd","summary":"Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26794.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-26794.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26794","reference_id":"","reference_type":"","scores":[{"value":"0.77997","scoring_system":"epss","scoring_elements":"0.99038","published_at":"2026-06-13T12:55:00Z"},{"value":"0.77997","scoring_system":"epss","scoring_elements":"0.99034","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-26794"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346981","reference_id":"2346981","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2346981"},{"reference_url":"https://github.com/NixOS/nixpkgs/pull/383926","reference_id":"383926","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/"}],"url":"https://github.com/NixOS/nixpkgs/pull/383926"},{"reference_url":"https://github.com/openbsd/ports/commit/584d2c49addce9ca0ae67882cc16969104d7f82d","reference_id":"584d2c49addce9ca0ae67882cc16969104d7f82d","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/"}],"url":"https://github.com/openbsd/ports/commit/584d2c49addce9ca0ae67882cc16969104d7f82d"},{"reference_url":"https://code.exim.org/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305","reference_id":"bfe32b5c6ea033736a26da8421513206db9fe305","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/"}],"url":"https://code.exim.org/exim/exim/commit/bfe32b5c6ea033736a26da8421513206db9fe305"},{"reference_url":"https://www.exim.org/static/doc/security/CVE-2025-26794.txt","reference_id":"CVE-2025-26794.txt","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/"}],"url":"https://www.exim.org/static/doc/security/CVE-2025-26794.txt"},{"reference_url":"https://exim.org","reference_id":"exim.org","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/"}],"url":"https://exim.org"},{"reference_url":"https://github.com/Exim/exim/wiki/EximSecurity","reference_id":"EximSecurity","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/"}],"url":"https://github.com/Exim/exim/wiki/EximSecurity"},{"reference_url":"https://exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txt","reference_id":"report.txt","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/"}],"url":"https://exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txt"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1237424","reference_id":"show_bug.cgi?id=1237424","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-21T16:11:25Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1237424"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39501?format=json","purl":"pkg:deb/debian/exim4@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39534?format=json","purl":"pkg:deb/debian/exim4@4.98-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2025-26794"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-knvr-uzut-wkhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/196606?format=json","vulnerability_id":"VCID-ndj6-cuxy-pycd","summary":"man-in-the-middle","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38371","reference_id":"","reference_type":"","scores":[{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84815","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84867","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02209","scoring_system":"epss","scoring_elements":"0.84875","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38371"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992172","reference_id":"992172","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992172"},{"reference_url":"https://security.archlinux.org/AVG-2272","reference_id":"AVG-2272","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2272"},{"reference_url":"https://usn.ubuntu.com/6881-1/","reference_id":"USN-6881-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6881-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39498?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39497?format=json","purl":"pkg:deb/debian/exim4@4.95~RC2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.95~RC2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2021-38371"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndj6-cuxy-pycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179653?format=json","vulnerability_id":"VCID-npfm-78r1-3bdt","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28025","reference_id":"","reference_type":"","scores":[{"value":"0.01407","scoring_system":"epss","scoring_elements":"0.80899","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01407","scoring_system":"epss","scoring_elements":"0.80959","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01407","scoring_system":"epss","scoring_elements":"0.80969","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28025"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-npfm-78r1-3bdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/160851?format=json","vulnerability_id":"VCID-p1b8-8hf7-jugt","summary":"Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16928.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16928.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16928","reference_id":"","reference_type":"","scores":[{"value":"0.9031","scoring_system":"epss","scoring_elements":"0.99618","published_at":"2026-06-13T12:55:00Z"},{"value":"0.9031","scoring_system":"epss","scoring_elements":"0.99616","published_at":"2026-06-11T12:55:00Z"},{"value":"0.9031","scoring_system":"epss","scoring_elements":"0.99617","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-16928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16928"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/09/28/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/09/28/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1756930","reference_id":"1756930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1756930"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/09/28/2","reference_id":"2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/09/28/2"},{"reference_url":"https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html","reference_id":"20190927.032457.c1044d4c.en.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"https://lists.exim.org/lurker/message/20190927.032457.c1044d4c.en.html"},{"reference_url":"https://security.gentoo.org/glsa/202003-47","reference_id":"202003-47","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"https://security.gentoo.org/glsa/202003-47"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/09/28/3","reference_id":"3","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/09/28/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/09/28/4","reference_id":"4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/09/28/4"},{"reference_url":"https://usn.ubuntu.com/4141-1/","reference_id":"4141-1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"https://usn.ubuntu.com/4141-1/"},{"reference_url":"https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f","reference_id":"478effbfd9c3cc5a627fc671d4bf94d13670d65f","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"https://git.exim.org/exim.git/commit/478effbfd9c3cc5a627fc671d4bf94d13670d65f"},{"reference_url":"https://seclists.org/bugtraq/2019/Sep/60","reference_id":"60","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"https://seclists.org/bugtraq/2019/Sep/60"},{"reference_url":"https://security.archlinux.org/ASA-201910-1","reference_id":"ASA-201910-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-1"},{"reference_url":"https://security.archlinux.org/AVG-1038","reference_id":"AVG-1038","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1038"},{"reference_url":"https://www.debian.org/security/2019/dsa-4536","reference_id":"dsa-4536","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"https://www.debian.org/security/2019/dsa-4536"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/","reference_id":"EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EED7HM3MFIBAP5OIMJAFJ35JAJABTVSC/"},{"reference_url":"https://bugs.exim.org/show_bug.cgi?id=2449","reference_id":"show_bug.cgi?id=2449","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"https://bugs.exim.org/show_bug.cgi?id=2449"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/","reference_id":"T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3TJW4HPYH3O5HZCWGD6NSHTEBTTAPDC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/","reference_id":"UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T20:03:35Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UY6HPRW7MR3KBQ5JFHH6OXM7YCZBJCOB/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39467?format=json","purl":"pkg:deb/debian/exim4@4.92.2-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.92.2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2019-16928"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1b8-8hf7-jugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135644?format=json","vulnerability_id":"VCID-p1c3-vexn-pqdc","summary":"Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.\n. Was ZDI-CAN-17434.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42115.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42115","reference_id":"","reference_type":"","scores":[{"value":"0.65812","scoring_system":"epss","scoring_elements":"0.98529","published_at":"2026-06-11T12:55:00Z"},{"value":"0.65812","scoring_system":"epss","scoring_elements":"0.98534","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42116"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241525","reference_id":"2241525","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241525"},{"reference_url":"https://security.gentoo.org/glsa/202402-18","reference_id":"GLSA-202402-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-18"},{"reference_url":"https://usn.ubuntu.com/6411-1/","reference_id":"USN-6411-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6411-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1469/","reference_id":"ZDI-23-1469","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-20T19:32:20Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1469/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39511?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39510?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39513?format=json","purl":"pkg:deb/debian/exim4@4.97~RC1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97~RC1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2023-42115"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1c3-vexn-pqdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179646?format=json","vulnerability_id":"VCID-pg8e-48vd-hbe2","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28018","reference_id":"","reference_type":"","scores":[{"value":"0.65912","scoring_system":"epss","scoring_elements":"0.98533","published_at":"2026-06-11T12:55:00Z"},{"value":"0.65912","scoring_system":"epss","scoring_elements":"0.98538","published_at":"2026-06-12T12:55:00Z"},{"value":"0.65912","scoring_system":"epss","scoring_elements":"0.98537","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28018"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28018","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28018"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28018"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pg8e-48vd-hbe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203355?format=json","vulnerability_id":"VCID-pvvh-j2qs-2fg5","summary":"The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2957.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2957.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2957","reference_id":"","reference_type":"","scores":[{"value":"0.01821","scoring_system":"epss","scoring_elements":"0.8328","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01821","scoring_system":"epss","scoring_elements":"0.83341","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01821","scoring_system":"epss","scoring_elements":"0.83349","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2957"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2957","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2957"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1101725","reference_id":"1101725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1101725"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39442?format=json","purl":"pkg:deb/debian/exim4@4.82.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.82.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-2957"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvvh-j2qs-2fg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199687?format=json","vulnerability_id":"VCID-q5we-p3d3-xuf3","summary":"Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0400","reference_id":"","reference_type":"","scores":[{"value":"0.06391","scoring_system":"epss","scoring_elements":"0.91224","published_at":"2026-06-11T12:55:00Z"},{"value":"0.06391","scoring_system":"epss","scoring_elements":"0.91254","published_at":"2026-06-12T12:55:00Z"},{"value":"0.06391","scoring_system":"epss","scoring_elements":"0.91261","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0400"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39419?format=json","purl":"pkg:deb/debian/exim4@4.33-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.33-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2004-0400"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q5we-p3d3-xuf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179641?format=json","vulnerability_id":"VCID-qc9t-2j8d-h7aq","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28013","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15523","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15659","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15672","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28013"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9t-2j8d-h7aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/178265?format=json","vulnerability_id":"VCID-qs61-b5vc-muhf","summary":"A local attacker could execute arbitrary code by providing\n    unsanitized data to a data source or escalate privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2972.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2972.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2972","reference_id":"","reference_type":"","scores":[{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43972","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.44126","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.44144","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2972"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2972","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2972"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1122552","reference_id":"1122552","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1122552"},{"reference_url":"https://security.gentoo.org/glsa/201607-12","reference_id":"GLSA-201607-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-12"},{"reference_url":"https://usn.ubuntu.com/2933-1/","reference_id":"USN-2933-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2933-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39443?format=json","purl":"pkg:deb/debian/exim4@4.82.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.82.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2014-2972"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qs61-b5vc-muhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179642?format=json","vulnerability_id":"VCID-qyzh-ytsw-eyhx","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28014","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.181","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18262","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18282","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28014"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qyzh-ytsw-eyhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167564?format=json","vulnerability_id":"VCID-rfd2-41p7-ybd7","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16943.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16943.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16943","reference_id":"","reference_type":"","scores":[{"value":"0.74526","scoring_system":"epss","scoring_elements":"0.98871","published_at":"2026-06-11T12:55:00Z"},{"value":"0.74526","scoring_system":"epss","scoring_elements":"0.98875","published_at":"2026-06-12T12:55:00Z"},{"value":"0.74526","scoring_system":"epss","scoring_elements":"0.98877","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16943","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16944","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16944"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517680","reference_id":"1517680","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1517680"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882648","reference_id":"882648","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882648"},{"reference_url":"https://security.archlinux.org/ASA-201711-32","reference_id":"ASA-201711-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-32"},{"reference_url":"https://security.archlinux.org/AVG-518","reference_id":"AVG-518","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-518"},{"reference_url":"https://security.gentoo.org/glsa/201803-01","reference_id":"GLSA-201803-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-01"},{"reference_url":"https://usn.ubuntu.com/3493-1/","reference_id":"USN-3493-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3493-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39451?format=json","purl":"pkg:deb/debian/exim4@4.89-12?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.89-12%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2017-16943"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfd2-41p7-ybd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90174?format=json","vulnerability_id":"VCID-rwcr-ykxh-ubhc","summary":"A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30232","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24312","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24506","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24517","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-30232"},{"reference_url":"https://security.archlinux.org/ASA-202503-1","reference_id":"ASA-202503-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202503-1"},{"reference_url":"https://security.archlinux.org/AVG-2859","reference_id":"AVG-2859","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2859"},{"reference_url":"https://www.exim.org/static/doc/security/CVE-2025-30232.txt","reference_id":"CVE-2025-30232.txt","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-28T14:37:01Z/"}],"url":"https://www.exim.org/static/doc/security/CVE-2025-30232.txt"},{"reference_url":"https://usn.ubuntu.com/7373-1/","reference_id":"USN-7373-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7373-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39501?format=json","purl":"pkg:deb/debian/exim4@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39535?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39536?format=json","purl":"pkg:deb/debian/exim4@4.98.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2025-30232"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rwcr-ykxh-ubhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179648?format=json","vulnerability_id":"VCID-s579-vy9e-pbfp","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28020","reference_id":"","reference_type":"","scores":[{"value":"0.26587","scoring_system":"epss","scoring_elements":"0.96456","published_at":"2026-06-11T12:55:00Z"},{"value":"0.26587","scoring_system":"epss","scoring_elements":"0.96466","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28020"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28020"},{"reference_url":"https://security.archlinux.org/AVG-1912","reference_id":"AVG-1912","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1912"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39490?format=json","purl":"pkg:deb/debian/exim4@4.92~RC5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.92~RC5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28020"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s579-vy9e-pbfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80542?format=json","vulnerability_id":"VCID-sqtt-yb5x-9ff9","summary":"Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48840","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21715","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21516","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21702","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48840"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/05/29/3","reference_id":"3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-01T12:51:07Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/05/29/3"},{"reference_url":"https://exim.org/static/doc/security/EXIM-Security-2026-05-19.1","reference_id":"EXIM-Security-2026-05-19.1","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-01T12:51:07Z/"}],"url":"https://exim.org/static/doc/security/EXIM-Security-2026-05-19.1"},{"reference_url":"https://usn.ubuntu.com/8353-1/","reference_id":"USN-8353-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8353-1/"},{"reference_url":"https://usn.ubuntu.com/8382-1/","reference_id":"USN-8382-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8382-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39557?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39555?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u10?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u10%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39559?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2026-48840"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sqtt-yb5x-9ff9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83942?format=json","vulnerability_id":"VCID-syut-2gvg-jqer","summary":"In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes the connection instance, or erroneous data processing that divulges data from uninitialized heap memory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40687","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40032","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.4001","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.3984","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40687"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40687"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/04/30/21","reference_id":"21","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/04/30/21"},{"reference_url":"https://code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505","reference_id":"68b963b9f75ca27b38e1c0f8c87037990199f505","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/"}],"url":"https://code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505"},{"reference_url":"https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40687.assessment","reference_id":"CVE2026-40687.assessment","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/"}],"url":"https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40687.assessment"},{"reference_url":"https://exim.org/static/doc/security/CVE-2026-40687.txt","reference_id":"CVE-2026-40687.txt","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:03Z/"}],"url":"https://exim.org/static/doc/security/CVE-2026-40687.txt"},{"reference_url":"https://usn.ubuntu.com/8228-1/","reference_id":"USN-8228-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8228-1/"},{"reference_url":"https://usn.ubuntu.com/8382-1/","reference_id":"USN-8382-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8382-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39543?format=json","purl":"pkg:deb/debian/exim4@4.99.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2026-40687"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-syut-2gvg-jqer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179639?format=json","vulnerability_id":"VCID-ubu7-861q-8qbf","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28011","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15523","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15659","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15672","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28011"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ubu7-861q-8qbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/175153?format=json","vulnerability_id":"VCID-ufwa-bnb1-67b7","summary":"A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211919.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3620","reference_id":"","reference_type":"","scores":[{"value":"0.01227","scoring_system":"epss","scoring_elements":"0.79551","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01227","scoring_system":"epss","scoring_elements":"0.79632","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01227","scoring_system":"epss","scoring_elements":"0.79617","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3620"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022556","reference_id":"1022556","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022556"},{"reference_url":"https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445","reference_id":"12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:15Z/"}],"url":"https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/667V3ADXQ2MHUJMSXA3VZZEWLVSCIBEU/","reference_id":"667V3ADXQ2MHUJMSXA3VZZEWLVSCIBEU","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/667V3ADXQ2MHUJMSXA3VZZEWLVSCIBEU/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/","reference_id":"EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EIH4W5R7SHTUEQFWWKB4TUO5YFZX64KV/"},{"reference_url":"https://vuldb.com/?id.211919","reference_id":"?id.211919","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:15Z/"}],"url":"https://vuldb.com/?id.211919"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV2K2AWF62FSJ64B5CUZPFT4COK7P5PM/","reference_id":"XV2K2AWF62FSJ64B5CUZPFT4COK7P5PM","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-14T17:08:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XV2K2AWF62FSJ64B5CUZPFT4COK7P5PM/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39501?format=json","purl":"pkg:deb/debian/exim4@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39500?format=json","purl":"pkg:deb/debian/exim4@4.96-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2022-3620"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ufwa-bnb1-67b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181548?format=json","vulnerability_id":"VCID-uhf1-v5x4-7kfv","summary":"Multiple vulnerabilities were found in Exim, the worst of which\n    leading to remote execution of arbitrary code with root privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2024.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2024.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2024","reference_id":"","reference_type":"","scores":[{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38621","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38794","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00174","scoring_system":"epss","scoring_elements":"0.38817","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-2024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2024"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=600097","reference_id":"600097","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=600097"},{"reference_url":"https://security.gentoo.org/glsa/201401-32","reference_id":"GLSA-201401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-32"},{"reference_url":"https://usn.ubuntu.com/1060-1/","reference_id":"USN-1060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1060-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39427?format=json","purl":"pkg:deb/debian/exim4@4.72-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2010-2024"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uhf1-v5x4-7kfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179756?format=json","vulnerability_id":"VCID-uxdq-uzep-hyfk","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12783.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12783.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12783","reference_id":"","reference_type":"","scores":[{"value":"0.05454","scoring_system":"epss","scoring_elements":"0.90394","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05454","scoring_system":"epss","scoring_elements":"0.90424","published_at":"2026-06-12T12:55:00Z"},{"value":"0.05454","scoring_system":"epss","scoring_elements":"0.90432","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12783"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12783","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12783"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836362","reference_id":"1836362","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836362"},{"reference_url":"https://usn.ubuntu.com/4366-1/","reference_id":"USN-4366-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4366-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39469?format=json","purl":"pkg:deb/debian/exim4@4.93-16?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.93-16%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-12783"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxdq-uzep-hyfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199686?format=json","vulnerability_id":"VCID-v4en-4atd-1qex","summary":"Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0399","reference_id":"","reference_type":"","scores":[{"value":"0.42079","scoring_system":"epss","scoring_elements":"0.97528","published_at":"2026-06-11T12:55:00Z"},{"value":"0.42079","scoring_system":"epss","scoring_elements":"0.97536","published_at":"2026-06-12T12:55:00Z"},{"value":"0.42079","scoring_system":"epss","scoring_elements":"0.97538","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0399"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/24093.c","reference_id":"CVE-2004-0399;OSVDB-5896","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/24093.c"},{"reference_url":"https://www.securityfocus.com/bid/10290/info","reference_id":"CVE-2004-0399;OSVDB-5896","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/10290/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39419?format=json","purl":"pkg:deb/debian/exim4@4.33-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.33-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2004-0399"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4en-4atd-1qex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/124603?format=json","vulnerability_id":"VCID-v7k7-yd16-qfce","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000369.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000369.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000369","reference_id":"","reference_type":"","scores":[{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54258","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.54384","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00306","scoring_system":"epss","scoring_elements":"0.544","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000369"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000369"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1457748","reference_id":"1457748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1457748"},{"reference_url":"https://security.archlinux.org/ASA-201711-32","reference_id":"ASA-201711-32","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-32"},{"reference_url":"https://security.archlinux.org/AVG-518","reference_id":"AVG-518","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-518"},{"reference_url":"https://security.gentoo.org/glsa/201709-19","reference_id":"GLSA-201709-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-19"},{"reference_url":"https://usn.ubuntu.com/3322-1/","reference_id":"USN-3322-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3322-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39450?format=json","purl":"pkg:deb/debian/exim4@4.89-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.89-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2017-1000369"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7k7-yd16-qfce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84268?format=json","vulnerability_id":"VCID-w86m-chaw-13bw","summary":"In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40684","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40947","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40923","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40756","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40684"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40684","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40684"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/04/30/21","reference_id":"21","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/04/30/21"},{"reference_url":"https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81","reference_id":"628bbaca7672748d941a12e7cd5f0122a4e18c81","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/"}],"url":"https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81"},{"reference_url":"https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40684.assessment","reference_id":"CVE2026-40684.assessment","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/"}],"url":"https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40684.assessment"},{"reference_url":"https://exim.org/static/doc/security/CVE-2026-40684.txt","reference_id":"CVE-2026-40684.txt","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:25:46Z/"}],"url":"https://exim.org/static/doc/security/CVE-2026-40684.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39543?format=json","purl":"pkg:deb/debian/exim4@4.99.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2026-40684"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w86m-chaw-13bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/177691?format=json","vulnerability_id":"VCID-wgdp-4t5f-xfaf","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15846.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15846.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15846","reference_id":"","reference_type":"","scores":[{"value":"0.63986","scoring_system":"epss","scoring_elements":"0.98458","published_at":"2026-06-13T12:55:00Z"},{"value":"0.65447","scoring_system":"epss","scoring_elements":"0.98513","published_at":"2026-06-11T12:55:00Z"},{"value":"0.65447","scoring_system":"epss","scoring_elements":"0.98518","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15846"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15846","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15846"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748397","reference_id":"1748397","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1748397"},{"reference_url":"https://security.archlinux.org/ASA-201909-3","reference_id":"ASA-201909-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201909-3"},{"reference_url":"https://security.archlinux.org/AVG-1037","reference_id":"AVG-1037","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1037"},{"reference_url":"https://security.gentoo.org/glsa/201909-06","reference_id":"GLSA-201909-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-06"},{"reference_url":"https://usn.ubuntu.com/4124-1/","reference_id":"USN-4124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4124-1/"},{"reference_url":"https://usn.ubuntu.com/4124-2/","reference_id":"USN-4124-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4124-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39465?format=json","purl":"pkg:deb/debian/exim4@4.92.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.92.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2019-15846"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgdp-4t5f-xfaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87304?format=json","vulnerability_id":"VCID-x2um-ftjf-vfec","summary":"Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4344.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4344.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4344","reference_id":"","reference_type":"","scores":[{"value":"0.51873","scoring_system":"epss","scoring_elements":"0.97972","published_at":"2026-06-13T12:55:00Z"},{"value":"0.51873","scoring_system":"epss","scoring_elements":"0.97965","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-4344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344"},{"reference_url":"http://openwall.com/lists/oss-security/2010/12/10/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://openwall.com/lists/oss-security/2010/12/10/1"},{"reference_url":"http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html","reference_id":"20101207.215955.bb32d4f2.en.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"},{"reference_url":"http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html","reference_id":"20101210.164935.385e04d0.en.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"},{"reference_url":"http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b","reference_id":"24c929a27415c7cfc7126c47e4cad39acf3efa6b","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3171","reference_id":"3171","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3171"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3172","reference_id":"3172","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3172"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3181","reference_id":"3181","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3181"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3186","reference_id":"3186","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3186"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3204","reference_id":"3204","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3204"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3246","reference_id":"3246","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3246"},{"reference_url":"http://www.vupen.com/english/advisories/2010/3317","reference_id":"3317","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.vupen.com/english/advisories/2010/3317"},{"reference_url":"http://secunia.com/advisories/40019","reference_id":"40019","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://secunia.com/advisories/40019"},{"reference_url":"http://secunia.com/advisories/42576","reference_id":"42576","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://secunia.com/advisories/42576"},{"reference_url":"http://secunia.com/advisories/42586","reference_id":"42586","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://secunia.com/advisories/42586"},{"reference_url":"http://secunia.com/advisories/42587","reference_id":"42587","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://secunia.com/advisories/42587"},{"reference_url":"http://secunia.com/advisories/42589","reference_id":"42589","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://secunia.com/advisories/42589"},{"reference_url":"http://www.securityfocus.com/bid/45308","reference_id":"45308","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.securityfocus.com/bid/45308"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612","reference_id":"606612","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612"},{"reference_url":"http://www.kb.cert.org/vuls/id/682457","reference_id":"682457","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.kb.cert.org/vuls/id/682457"},{"reference_url":"http://www.osvdb.org/69685","reference_id":"69685","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.osvdb.org/69685"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/04/7","reference_id":"7","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/05/04/7"},{"reference_url":"http://atmail.com/blog/2010/atmail-6204-now-available/","reference_id":"atmail-6204-now-available","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://atmail.com/blog/2010/atmail-6204-now-available/"},{"reference_url":"ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70","reference_id":"ChangeLog-4.70","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/15725.pl","reference_id":"CVE-2010-4344;OSVDB-69685","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/15725.pl"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16925.rb","reference_id":"CVE-2010-4345;CVE-2010-4344;OSVDB-69685","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16925.rb"},{"reference_url":"http://www.debian.org/security/2010/dsa-2131","reference_id":"dsa-2131","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.debian.org/security/2010/dsa-2131"},{"reference_url":"http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format","reference_id":"exim4_string_format","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"},{"reference_url":"http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/","reference_id":"exim_code_execution_peril","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"},{"reference_url":"http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html","reference_id":"exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html"},{"reference_url":"https://security.gentoo.org/glsa/201401-32","reference_id":"GLSA-201401-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-32"},{"reference_url":"http://www.securitytracker.com/id?1024858","reference_id":"id?1024858","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.securitytracker.com/id?1024858"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html","reference_id":"msg00003.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0970","reference_id":"RHSA-2010:0970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2010:0970"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0970.html","reference_id":"RHSA-2010-0970.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0970.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=661756","reference_id":"show_bug.cgi?id=661756","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=661756"},{"reference_url":"http://bugs.exim.org/show_bug.cgi?id=787","reference_id":"show_bug.cgi?id=787","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://bugs.exim.org/show_bug.cgi?id=787"},{"reference_url":"http://www.securityfocus.com/archive/1/515172/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.securityfocus.com/archive/1/515172/100/0/threaded"},{"reference_url":"https://usn.ubuntu.com/1032-1/","reference_id":"USN-1032-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1032-1/"},{"reference_url":"http://www.ubuntu.com/usn/USN-1032-1","reference_id":"USN-1032-1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/"}],"url":"http://www.ubuntu.com/usn/USN-1032-1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39429?format=json","purl":"pkg:deb/debian/exim4@4.70-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.70-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2010-4344"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2um-ftjf-vfec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108969?format=json","vulnerability_id":"VCID-x2y8-pxnp-zfgv","summary":"Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67896.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67896.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67896","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22781","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22794","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22586","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67896"},{"reference_url":"https://www.openwall.com/lists/oss-security/2025/12/11/2","reference_id":"2","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:27:33Z/"}],"url":"https://www.openwall.com/lists/oss-security/2025/12/11/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2422034","reference_id":"2422034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2422034"},{"reference_url":"https://exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txt","reference_id":"report.txt","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:27:33Z/"}],"url":"https://exim.org/static/doc/security/EXIM-Security-2025-12-09.1/report.txt"},{"reference_url":"https://exim.org/static/doc/security/","reference_id":"security","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-15T21:27:33Z/"}],"url":"https://exim.org/static/doc/security/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39501?format=json","purl":"pkg:deb/debian/exim4@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39540?format=json","purl":"pkg:deb/debian/exim4@4.99-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2025-67896"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2y8-pxnp-zfgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135685?format=json","vulnerability_id":"VCID-x6nj-yg7f-uqce","summary":"Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17554.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42117.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-42117.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42117","reference_id":"","reference_type":"","scores":[{"value":"0.0735","scoring_system":"epss","scoring_elements":"0.9189","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0735","scoring_system":"epss","scoring_elements":"0.91918","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0735","scoring_system":"epss","scoring_elements":"0.91925","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42117"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42117","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42117"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241531","reference_id":"2241531","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2241531"},{"reference_url":"https://security.gentoo.org/glsa/202402-18","reference_id":"GLSA-202402-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-18"},{"reference_url":"https://usn.ubuntu.com/6455-1/","reference_id":"USN-6455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6455-1/"},{"reference_url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1471/","reference_id":"ZDI-23-1471","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-05-03T16:58:53Z/"}],"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1471/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39498?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39521?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39523?format=json","purl":"pkg:deb/debian/exim4@4.97~RC2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.97~RC2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2023-42117"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6nj-yg7f-uqce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179636?format=json","vulnerability_id":"VCID-xp54-554m-uyhe","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28008","reference_id":"","reference_type":"","scores":[{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15134","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.1526","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00047","scoring_system":"epss","scoring_elements":"0.15266","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28008"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xp54-554m-uyhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185409?format=json","vulnerability_id":"VCID-ybax-pyue-jydp","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9963.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9963.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9963","reference_id":"","reference_type":"","scores":[{"value":"0.01884","scoring_system":"epss","scoring_elements":"0.83569","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01884","scoring_system":"epss","scoring_elements":"0.83629","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01884","scoring_system":"epss","scoring_elements":"0.83638","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9963"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9963","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9963"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1405322","reference_id":"1405322","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1405322"},{"reference_url":"https://security.archlinux.org/AVG-153","reference_id":"AVG-153","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-153"},{"reference_url":"https://usn.ubuntu.com/3164-1/","reference_id":"USN-3164-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3164-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39447?format=json","purl":"pkg:deb/debian/exim4@4.88~RC6-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.88~RC6-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2016-9963"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ybax-pyue-jydp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/105604?format=json","vulnerability_id":"VCID-yqdx-ec3r-gbe1","summary":"A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53881","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.094","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09454","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09447","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-53881"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53881","reference_id":"show_bug.cgi?id=CVE-2025-53881","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-02T17:15:08Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53881"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39501?format=json","purl":"pkg:deb/debian/exim4@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2025-53881"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yqdx-ec3r-gbe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/179645?format=json","vulnerability_id":"VCID-zkjr-tb1h-skbt","summary":"Multiple vulnerabilities have been found in Exim, the worst of\n    which allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28017","reference_id":"","reference_type":"","scores":[{"value":"0.03214","scoring_system":"epss","scoring_elements":"0.87324","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03214","scoring_system":"epss","scoring_elements":"0.87369","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03214","scoring_system":"epss","scoring_elements":"0.87375","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28009"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28010"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28011"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28013"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28014"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28015"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28019"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28021"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28022"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28026"},{"reference_url":"https://security.archlinux.org/AVG-1911","reference_id":"AVG-1911","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1911"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39471?format=json","purl":"pkg:deb/debian/exim4@4.94.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39413?format=json","purl":"pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-93x9-7cp1-s3d3"},{"vulnerability":"VCID-hhte-snaq-ruh5"},{"vulnerability":"VCID-syut-2gvg-jqer"},{"vulnerability":"VCID-w86m-chaw-13bw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39411?format=json","purl":"pkg:deb/debian/exim4@4.96-15%2Bdeb12u9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39418?format=json","purl":"pkg:deb/debian/exim4@4.98.2-1%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39414?format=json","purl":"pkg:deb/debian/exim4@4.99.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/39416?format=json","purl":"pkg:deb/debian/exim4@4.99.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}],"aliases":["CVE-2020-28017"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkjr-tb1h-skbt"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.4-1%3Fdistro=trixie"}