{"url":"http://public2.vulnerablecode.io/api/packages/944?format=json","purl":"pkg:alpm/archlinux/exim@4.92-1","type":"alpm","namespace":"archlinux","name":"exim","version":"4.92-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.92.3-1","latest_non_vulnerable_version":"4.98.2-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1804?format=json","vulnerability_id":"VCID-e98p-n22a-zfhv","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13917","reference_id":"","reference_type":"","scores":[{"value":"0.17276","scoring_system":"epss","scoring_elements":"0.9515","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13917"},{"reference_url":"https://security.archlinux.org/ASA-201908-4","reference_id":"ASA-201908-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-4"},{"reference_url":"https://security.archlinux.org/AVG-1011","reference_id":"AVG-1011","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1011"},{"reference_url":"https://security.gentoo.org/glsa/201909-06","reference_id":"GLSA-201909-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-06"},{"reference_url":"https://usn.ubuntu.com/4075-1/","reference_id":"USN-4075-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4075-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/939?format=json","purl":"pkg:alpm/archlinux/exim@4.92.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sf4p-58nn-1fbs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/exim@4.92.1-1"}],"aliases":["CVE-2019-13917"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e98p-n22a-zfhv"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3696?format=json","vulnerability_id":"VCID-98c1-ms8a-rue4","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28020","reference_id":"","reference_type":"","scores":[{"value":"0.26587","scoring_system":"epss","scoring_elements":"0.96424","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28020"},{"reference_url":"https://security.archlinux.org/AVG-1912","reference_id":"AVG-1912","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1912"},{"reference_url":"https://security.gentoo.org/glsa/202105-01","reference_id":"GLSA-202105-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-01"},{"reference_url":"https://usn.ubuntu.com/4934-1/","reference_id":"USN-4934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-1/"},{"reference_url":"https://usn.ubuntu.com/4934-2/","reference_id":"USN-4934-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4934-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/944?format=json","purl":"pkg:alpm/archlinux/exim@4.92-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e98p-n22a-zfhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/exim@4.92-1"}],"aliases":["CVE-2020-28020"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98c1-ms8a-rue4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1831?format=json","vulnerability_id":"VCID-bamn-cvcu-vyfq","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10149","reference_id":"","reference_type":"","scores":[{"value":"0.93918","scoring_system":"epss","scoring_elements":"0.99885","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10149"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/06/1","reference_id":"1","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/06/06/1"},{"reference_url":"http://www.securityfocus.com/bid/108679","reference_id":"108679","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.securityfocus.com/bid/108679"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Jun/16","reference_id":"16","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://seclists.org/fulldisclosure/2019/Jun/16"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/05/2","reference_id":"2","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/06/05/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/05/3","reference_id":"3","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/06/05/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/06/05/4","reference_id":"4","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/06/05/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/07/26/4","reference_id":"4","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/07/26/4"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/5","reference_id":"5","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://seclists.org/bugtraq/2019/Jun/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/07/25/6","reference_id":"6","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/07/25/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/07/25/7","reference_id":"7","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2019/07/25/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/04/7","reference_id":"7","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/05/04/7"},{"reference_url":"https://security.archlinux.org/AVG-982","reference_id":"AVG-982","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-982"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46996.sh","reference_id":"CVE-2019-10149","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46996.sh"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/47307.rb","reference_id":"CVE-2019-10149","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/47307.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46974.txt","reference_id":"CVE-2019-10149","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46974.txt"},{"reference_url":"https://lwn.net/Articles/790553/","reference_id":"CVE-2019-10149","reference_type":"exploit","scores":[],"url":"https://lwn.net/Articles/790553/"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb","reference_id":"CVE-2019-10149","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb"},{"reference_url":"https://www.exim.org/static/doc/security/CVE-2019-10149.txt","reference_id":"CVE-2019-10149.txt","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://www.exim.org/static/doc/security/CVE-2019-10149.txt"},{"reference_url":"https://www.debian.org/security/2019/dsa-4456","reference_id":"dsa-4456","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://www.debian.org/security/2019/dsa-4456"},{"reference_url":"http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html","reference_id":"Exim-4.91-Local-Privilege-Escalation.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html"},{"reference_url":"http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html","reference_id":"Exim-4.91-Local-Privilege-Escalation.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html"},{"reference_url":"http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html","reference_id":"Exim-4.9.1-Remote-Command-Execution.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html"},{"reference_url":"https://security.gentoo.org/glsa/201906-01","reference_id":"GLSA-201906-01","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://security.gentoo.org/glsa/201906-01"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html","reference_id":"msg00020.html","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149","reference_id":"show_bug.cgi?id=CVE-2019-10149","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149"},{"reference_url":"https://usn.ubuntu.com/4010-1/","reference_id":"USN-4010-1","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T13:31:13Z/"}],"url":"https://usn.ubuntu.com/4010-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/944?format=json","purl":"pkg:alpm/archlinux/exim@4.92-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e98p-n22a-zfhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/exim@4.92-1"}],"aliases":["CVE-2019-10149"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bamn-cvcu-vyfq"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/exim@4.92-1"}