Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/50403?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50403?format=api", "vulnerability_id": "VCID-ynbw-8a6a-sug8", "summary": "Multiple vulnerabilities were found in Exim, the worst of which\n leading to remote execution of arbitrary code with root privileges.", "aliases": [ { "alias": "CVE-2010-4344" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/586010?format=api", "purl": "pkg:deb/debian/exim4@4.70-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.70-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/571917?format=api", "purl": "pkg:deb/debian/exim4@4.72-6%2Bsqueeze4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ev3-fe86-93e3" }, { "vulnerability": "VCID-1kpw-zhj4-jfaz" }, { "vulnerability": "VCID-1tqm-3s38-fqcn" }, { "vulnerability": "VCID-2qea-x4nk-zfba" }, { "vulnerability": "VCID-3z7r-efh2-tyf9" }, { "vulnerability": "VCID-55h7-dczu-rfhe" }, { "vulnerability": "VCID-56xq-sgry-2uhd" }, { "vulnerability": "VCID-5e2k-ure4-wfdf" }, { "vulnerability": "VCID-69es-qatu-uub2" }, { "vulnerability": "VCID-6dwr-t9kn-2yfn" }, { "vulnerability": "VCID-7vuu-yzmu-duew" }, { "vulnerability": "VCID-838e-pk6w-t3by" }, { "vulnerability": "VCID-85sn-frqr-wqc1" }, { "vulnerability": "VCID-87un-11ea-myhg" }, { "vulnerability": "VCID-92ug-3eae-tydc" }, { "vulnerability": "VCID-avxe-yhcq-wudx" }, { "vulnerability": "VCID-bgxc-8scn-z7e8" }, { "vulnerability": "VCID-bz4v-p82a-skgk" }, { "vulnerability": "VCID-c9g9-ufem-9bgr" }, { "vulnerability": "VCID-caau-2ury-hbbs" }, { "vulnerability": "VCID-e844-g11f-f7fd" }, { "vulnerability": "VCID-f998-369d-r3ds" }, { "vulnerability": "VCID-kxtk-ybzc-eyfj" }, { "vulnerability": "VCID-m8mt-ya9x-yqaq" }, { "vulnerability": "VCID-mssq-pkfp-fbhg" }, { "vulnerability": "VCID-mwem-kfpv-eqf2" }, { "vulnerability": "VCID-p285-6bu3-vuh5" }, { "vulnerability": "VCID-puuy-w6ze-9kc7" }, { "vulnerability": "VCID-pzsv-7fee-1ugu" }, { "vulnerability": "VCID-qr4y-643y-dqdz" }, { "vulnerability": "VCID-qupq-a4jw-bbhh" }, { "vulnerability": "VCID-qyqw-2gga-m3c6" }, { "vulnerability": "VCID-raam-5am9-hbef" }, { "vulnerability": "VCID-rfam-rzrr-abhb" }, { "vulnerability": "VCID-rgkw-1sqv-d7hx" }, { "vulnerability": "VCID-rrea-52kb-3qf1" }, { "vulnerability": "VCID-sam4-h21q-dkej" }, { "vulnerability": "VCID-stsb-pwen-87g7" }, { "vulnerability": "VCID-swer-ztd6-nkga" }, { "vulnerability": "VCID-teft-hqz3-7ubr" }, { "vulnerability": "VCID-tpt6-ze4u-a7dt" }, { "vulnerability": "VCID-ujms-hna1-z7e6" }, { "vulnerability": "VCID-v1t8-y73h-vyee" }, { "vulnerability": "VCID-vykx-t8yc-tycc" }, { "vulnerability": "VCID-x7cz-svaj-rkb5" }, { "vulnerability": "VCID-yytq-tcvz-43dq" }, { "vulnerability": "VCID-z51d-zdeq-suas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.72-6%252Bsqueeze4" }, { "url": "http://public2.vulnerablecode.io/api/packages/582229?format=api", "purl": "pkg:deb/debian/exim4@4.94.2-7%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdsh-48ys-33ew" }, { "vulnerability": "VCID-huhp-241r-jbf6" }, { "vulnerability": "VCID-hy1a-tah2-27gq" }, { "vulnerability": "VCID-ry9v-ge65-sqbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.94.2-7%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582230?format=api", "purl": "pkg:deb/debian/exim4@4.96-15%2Bdeb12u7?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdsh-48ys-33ew" }, { "vulnerability": "VCID-huhp-241r-jbf6" }, { "vulnerability": "VCID-hy1a-tah2-27gq" }, { "vulnerability": "VCID-ry9v-ge65-sqbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.96-15%252Bdeb12u7%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582231?format=api", "purl": "pkg:deb/debian/exim4@4.98.2-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdsh-48ys-33ew" }, { "vulnerability": "VCID-huhp-241r-jbf6" }, { "vulnerability": "VCID-hy1a-tah2-27gq" }, { "vulnerability": "VCID-ry9v-ge65-sqbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.98.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582232?format=api", "purl": "pkg:deb/debian/exim4@4.99.1-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdsh-48ys-33ew" }, { "vulnerability": "VCID-huhp-241r-jbf6" }, { "vulnerability": "VCID-hy1a-tah2-27gq" }, { "vulnerability": "VCID-ry9v-ge65-sqbb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081514?format=api", "purl": "pkg:deb/debian/exim4@4.99.1-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.1-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1088665?format=api", "purl": "pkg:deb/debian/exim4@4.99.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.99.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/78221?format=api", "purl": "pkg:ebuild/mail-mta/exim@4.80.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-mta/exim@4.80.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571914?format=api", "purl": "pkg:deb/debian/exim4@4.50-8sarge2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ev3-fe86-93e3" }, { "vulnerability": "VCID-1kpw-zhj4-jfaz" }, { "vulnerability": "VCID-1tqm-3s38-fqcn" }, { "vulnerability": "VCID-2qea-x4nk-zfba" }, { "vulnerability": "VCID-3z7r-efh2-tyf9" }, { "vulnerability": "VCID-55h7-dczu-rfhe" }, { "vulnerability": "VCID-56xq-sgry-2uhd" }, { "vulnerability": "VCID-5e2k-ure4-wfdf" }, { "vulnerability": "VCID-5vks-gjgj-euhp" }, { "vulnerability": "VCID-69es-qatu-uub2" }, { "vulnerability": "VCID-6dwr-t9kn-2yfn" }, { "vulnerability": "VCID-7vuu-yzmu-duew" }, { "vulnerability": "VCID-838e-pk6w-t3by" }, { "vulnerability": "VCID-85sn-frqr-wqc1" }, { "vulnerability": "VCID-879s-a42x-bqhu" }, { "vulnerability": "VCID-87un-11ea-myhg" }, { "vulnerability": "VCID-92ug-3eae-tydc" }, { "vulnerability": "VCID-avxe-yhcq-wudx" }, { "vulnerability": "VCID-bdkr-87xb-4yf8" }, { "vulnerability": "VCID-bgxc-8scn-z7e8" }, { "vulnerability": "VCID-bz4v-p82a-skgk" }, { "vulnerability": "VCID-c9g9-ufem-9bgr" }, { "vulnerability": "VCID-caau-2ury-hbbs" }, { "vulnerability": "VCID-e844-g11f-f7fd" }, { "vulnerability": "VCID-f998-369d-r3ds" }, { "vulnerability": "VCID-kxtk-ybzc-eyfj" }, { "vulnerability": "VCID-m8mt-ya9x-yqaq" }, { "vulnerability": "VCID-mssq-pkfp-fbhg" }, { "vulnerability": "VCID-mwem-kfpv-eqf2" }, { "vulnerability": "VCID-p285-6bu3-vuh5" }, { "vulnerability": "VCID-pdm2-w3dk-p7gd" }, { "vulnerability": "VCID-puuy-w6ze-9kc7" }, { "vulnerability": "VCID-pzsv-7fee-1ugu" }, { "vulnerability": "VCID-qr4y-643y-dqdz" }, { "vulnerability": "VCID-qupq-a4jw-bbhh" }, { "vulnerability": "VCID-qyqw-2gga-m3c6" }, { "vulnerability": "VCID-raam-5am9-hbef" }, { "vulnerability": "VCID-rfam-rzrr-abhb" }, { "vulnerability": "VCID-rgkw-1sqv-d7hx" }, { "vulnerability": "VCID-rrea-52kb-3qf1" }, { "vulnerability": "VCID-sam4-h21q-dkej" }, { "vulnerability": "VCID-stsb-pwen-87g7" }, { "vulnerability": "VCID-swer-ztd6-nkga" }, { "vulnerability": "VCID-teft-hqz3-7ubr" }, { "vulnerability": "VCID-tpt6-ze4u-a7dt" }, { "vulnerability": "VCID-ujms-hna1-z7e6" }, { "vulnerability": "VCID-v1t8-y73h-vyee" }, { "vulnerability": "VCID-vykx-t8yc-tycc" }, { "vulnerability": "VCID-x7cz-svaj-rkb5" }, { "vulnerability": "VCID-ynbw-8a6a-sug8" }, { "vulnerability": "VCID-yytq-tcvz-43dq" }, { "vulnerability": "VCID-z51d-zdeq-suas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.50-8sarge2" }, { "url": "http://public2.vulnerablecode.io/api/packages/571915?format=api", "purl": "pkg:deb/debian/exim4@4.63-17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ev3-fe86-93e3" }, { "vulnerability": "VCID-1kpw-zhj4-jfaz" }, { "vulnerability": "VCID-1tqm-3s38-fqcn" }, { "vulnerability": "VCID-2qea-x4nk-zfba" }, { "vulnerability": "VCID-3z7r-efh2-tyf9" }, { "vulnerability": "VCID-55h7-dczu-rfhe" }, { "vulnerability": "VCID-56xq-sgry-2uhd" }, { "vulnerability": "VCID-5e2k-ure4-wfdf" }, { "vulnerability": "VCID-5vks-gjgj-euhp" }, { "vulnerability": "VCID-69es-qatu-uub2" }, { "vulnerability": "VCID-6dwr-t9kn-2yfn" }, { "vulnerability": "VCID-7vuu-yzmu-duew" }, { "vulnerability": "VCID-838e-pk6w-t3by" }, { "vulnerability": "VCID-85sn-frqr-wqc1" }, { "vulnerability": "VCID-879s-a42x-bqhu" }, { "vulnerability": "VCID-87un-11ea-myhg" }, { "vulnerability": "VCID-92ug-3eae-tydc" }, { "vulnerability": "VCID-avxe-yhcq-wudx" }, { "vulnerability": "VCID-bdkr-87xb-4yf8" }, { "vulnerability": "VCID-bgxc-8scn-z7e8" }, { "vulnerability": "VCID-bz4v-p82a-skgk" }, { "vulnerability": "VCID-c9g9-ufem-9bgr" }, { "vulnerability": "VCID-caau-2ury-hbbs" }, { "vulnerability": "VCID-e844-g11f-f7fd" }, { "vulnerability": "VCID-f998-369d-r3ds" }, { "vulnerability": "VCID-kxtk-ybzc-eyfj" }, { "vulnerability": "VCID-m8mt-ya9x-yqaq" }, { "vulnerability": "VCID-mssq-pkfp-fbhg" }, { "vulnerability": "VCID-mwem-kfpv-eqf2" }, { "vulnerability": "VCID-p285-6bu3-vuh5" }, { "vulnerability": "VCID-pdm2-w3dk-p7gd" }, { "vulnerability": "VCID-puuy-w6ze-9kc7" }, { "vulnerability": "VCID-pzsv-7fee-1ugu" }, { "vulnerability": "VCID-qr4y-643y-dqdz" }, { "vulnerability": "VCID-qupq-a4jw-bbhh" }, { "vulnerability": "VCID-qyqw-2gga-m3c6" }, { "vulnerability": "VCID-raam-5am9-hbef" }, { "vulnerability": "VCID-rfam-rzrr-abhb" }, { "vulnerability": "VCID-rgkw-1sqv-d7hx" }, { "vulnerability": "VCID-rrea-52kb-3qf1" }, { "vulnerability": "VCID-sam4-h21q-dkej" }, { "vulnerability": "VCID-stsb-pwen-87g7" }, { "vulnerability": "VCID-swer-ztd6-nkga" }, { "vulnerability": "VCID-teft-hqz3-7ubr" }, { "vulnerability": "VCID-tpt6-ze4u-a7dt" }, { "vulnerability": "VCID-ujms-hna1-z7e6" }, { "vulnerability": "VCID-v1t8-y73h-vyee" }, { "vulnerability": "VCID-vykx-t8yc-tycc" }, { "vulnerability": "VCID-x7cz-svaj-rkb5" }, { "vulnerability": "VCID-ynbw-8a6a-sug8" }, { "vulnerability": "VCID-yytq-tcvz-43dq" }, { "vulnerability": "VCID-z51d-zdeq-suas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.63-17" }, { "url": "http://public2.vulnerablecode.io/api/packages/571916?format=api", "purl": "pkg:deb/debian/exim4@4.69-9%2Blenny4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ev3-fe86-93e3" }, { "vulnerability": "VCID-1kpw-zhj4-jfaz" }, { "vulnerability": "VCID-1tqm-3s38-fqcn" }, { "vulnerability": "VCID-2qea-x4nk-zfba" }, { "vulnerability": "VCID-3z7r-efh2-tyf9" }, { "vulnerability": "VCID-55h7-dczu-rfhe" }, { "vulnerability": "VCID-56xq-sgry-2uhd" }, { "vulnerability": "VCID-5e2k-ure4-wfdf" }, { "vulnerability": "VCID-5vks-gjgj-euhp" }, { "vulnerability": "VCID-69es-qatu-uub2" }, { "vulnerability": "VCID-6dwr-t9kn-2yfn" }, { "vulnerability": "VCID-7vuu-yzmu-duew" }, { "vulnerability": "VCID-838e-pk6w-t3by" }, { "vulnerability": "VCID-85sn-frqr-wqc1" }, { "vulnerability": "VCID-879s-a42x-bqhu" }, { "vulnerability": "VCID-87un-11ea-myhg" }, { "vulnerability": "VCID-92ug-3eae-tydc" }, { "vulnerability": "VCID-avxe-yhcq-wudx" }, { "vulnerability": "VCID-bdkr-87xb-4yf8" }, { "vulnerability": "VCID-bgxc-8scn-z7e8" }, { "vulnerability": "VCID-bz4v-p82a-skgk" }, { "vulnerability": "VCID-c9g9-ufem-9bgr" }, { "vulnerability": "VCID-caau-2ury-hbbs" }, { "vulnerability": "VCID-e844-g11f-f7fd" }, { "vulnerability": "VCID-f998-369d-r3ds" }, { "vulnerability": "VCID-kxtk-ybzc-eyfj" }, { "vulnerability": "VCID-m8mt-ya9x-yqaq" }, { "vulnerability": "VCID-mssq-pkfp-fbhg" }, { "vulnerability": "VCID-mwem-kfpv-eqf2" }, { "vulnerability": "VCID-p285-6bu3-vuh5" }, { "vulnerability": "VCID-pdm2-w3dk-p7gd" }, { "vulnerability": "VCID-puuy-w6ze-9kc7" }, { "vulnerability": "VCID-pzsv-7fee-1ugu" }, { "vulnerability": "VCID-qr4y-643y-dqdz" }, { "vulnerability": "VCID-qupq-a4jw-bbhh" }, { "vulnerability": "VCID-qyqw-2gga-m3c6" }, { "vulnerability": "VCID-raam-5am9-hbef" }, { "vulnerability": "VCID-rfam-rzrr-abhb" }, { "vulnerability": "VCID-rgkw-1sqv-d7hx" }, { "vulnerability": "VCID-rrea-52kb-3qf1" }, { "vulnerability": "VCID-sam4-h21q-dkej" }, { "vulnerability": "VCID-stsb-pwen-87g7" }, { "vulnerability": "VCID-swer-ztd6-nkga" }, { "vulnerability": "VCID-teft-hqz3-7ubr" }, { "vulnerability": "VCID-tpt6-ze4u-a7dt" }, { "vulnerability": "VCID-ujms-hna1-z7e6" }, { "vulnerability": "VCID-v1t8-y73h-vyee" }, { "vulnerability": "VCID-vykx-t8yc-tycc" }, { "vulnerability": "VCID-x7cz-svaj-rkb5" }, { "vulnerability": "VCID-ynbw-8a6a-sug8" }, { "vulnerability": "VCID-yytq-tcvz-43dq" }, { "vulnerability": "VCID-z51d-zdeq-suas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/exim4@4.69-9%252Blenny4" }, { "url": "http://public2.vulnerablecode.io/api/packages/127455?format=api", "purl": "pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_7?arch=1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ynbw-8a6a-sug8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_7%3Farch=1" }, { "url": "http://public2.vulnerablecode.io/api/packages/127456?format=api", "purl": "pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_8?arch=1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ynbw-8a6a-sug8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.43-1.RHEL4.5.el4_8%3Farch=1" }, { "url": "http://public2.vulnerablecode.io/api/packages/127454?format=api", "purl": "pkg:rpm/redhat/exim@4.63-3.el5_3?arch=1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ynbw-8a6a-sug8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.63-3.el5_3%3Farch=1" }, { "url": "http://public2.vulnerablecode.io/api/packages/127457?format=api", "purl": "pkg:rpm/redhat/exim@4.63-3.el5_4?arch=1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ynbw-8a6a-sug8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.63-3.el5_4%3Farch=1" }, { "url": "http://public2.vulnerablecode.io/api/packages/127453?format=api", "purl": "pkg:rpm/redhat/exim@4.63-5.el5_5?arch=2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ynbw-8a6a-sug8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/exim@4.63-5.el5_5%3Farch=2" } ], "references": [ { "reference_url": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70" }, { "reference_url": "http://atmail.com/blog/2010/atmail-6204-now-available/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://atmail.com/blog/2010/atmail-6204-now-available/" }, { "reference_url": "http://bugs.exim.org/show_bug.cgi?id=787", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://bugs.exim.org/show_bug.cgi?id=787" }, { "reference_url": "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b" }, { "reference_url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2010/12/10/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://openwall.com/lists/oss-security/2010/12/10/1" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4344.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4344.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4344", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.53064", "scoring_system": "epss", "scoring_elements": "0.97966", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.53064", "scoring_system": "epss", "scoring_elements": "0.97972", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.53064", "scoring_system": "epss", "scoring_elements": "0.97968", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.61461", "scoring_system": "epss", "scoring_elements": "0.98317", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.61461", "scoring_system": "epss", "scoring_elements": "0.98314", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.61461", "scoring_system": "epss", "scoring_elements": "0.98333", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.61461", "scoring_system": "epss", "scoring_elements": "0.98328", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.61461", "scoring_system": "epss", "scoring_elements": "0.98325", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.61461", "scoring_system": "epss", "scoring_elements": "0.98324", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.61461", "scoring_system": "epss", "scoring_elements": "0.98319", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.61461", "scoring_system": "epss", "scoring_elements": "0.98312", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344" }, { "reference_url": "http://secunia.com/advisories/40019", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://secunia.com/advisories/40019" }, { "reference_url": "http://secunia.com/advisories/42576", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://secunia.com/advisories/42576" }, { "reference_url": "http://secunia.com/advisories/42586", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://secunia.com/advisories/42586" }, { "reference_url": "http://secunia.com/advisories/42587", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://secunia.com/advisories/42587" }, { "reference_url": "http://secunia.com/advisories/42589", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://secunia.com/advisories/42589" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4344" }, { "reference_url": "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html" }, { "reference_url": "http://www.debian.org/security/2010/dsa-2131", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.debian.org/security/2010/dsa-2131" }, { "reference_url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html" }, { "reference_url": "http://www.kb.cert.org/vuls/id/682457", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.kb.cert.org/vuls/id/682457" }, { "reference_url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/04/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7" }, { "reference_url": "http://www.osvdb.org/69685", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.osvdb.org/69685" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0970.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0970.html" }, { "reference_url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded" }, { "reference_url": "http://www.securityfocus.com/bid/45308", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.securityfocus.com/bid/45308" }, { "reference_url": "http://www.securitytracker.com/id?1024858", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.securitytracker.com/id?1024858" }, { "reference_url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1032-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.ubuntu.com/usn/USN-1032-1" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3171", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3171" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3172", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3172" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3181", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3181" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3186", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3186" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3204", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3204" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3246", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3246" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/3317", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "http://www.vupen.com/english/advisories/2010/3317" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612", "reference_id": "606612", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=661756", "reference_id": "661756", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661756" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4344", "reference_id": "CVE-2010-4344", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-4344" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/15725.pl", "reference_id": "CVE-2010-4344;OSVDB-69685", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/15725.pl" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16925.rb", "reference_id": "CVE-2010-4345;CVE-2010-4344;OSVDB-69685", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16925.rb" }, { "reference_url": "https://security.gentoo.org/glsa/201401-32", "reference_id": "GLSA-201401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0970", "reference_id": "RHSA-2010:0970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0970" }, { "reference_url": "https://usn.ubuntu.com/1032-1/", "reference_id": "USN-1032-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1032-1/" } ], "weaknesses": [ { "cwe_id": 78, "name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "description": "The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component." }, { "cwe_id": 787, "name": "Out-of-bounds Write", "description": "The product writes data past the end, or before the beginning, of the intended buffer." } ], "exploits": [ { "date_added": "2010-12-16", "description": "Exim4 < 4.69 - string_format Function Heap Buffer Overflow (Metasploit)", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": true, "source_date_published": "2010-12-16", "exploit_type": "remote", "platform": "linux", "source_date_updated": "2011-03-06", "data_source": "Exploit-DB", "source_url": "" }, { "date_added": null, "description": "This module exploits a heap buffer overflow within versions of Exim prior to\n version 4.69. By sending a specially crafted message, an attacker can corrupt the\n heap and execute arbitrary code with the privileges of the Exim daemon.\n\n The root cause is that no check is made to ensure that the buffer is not full\n prior to handling '%s' format specifiers within the 'string_vformat' function.\n In order to trigger this issue, we get our message rejected by sending a message\n that is too large. This will call into log_write to log rejection headers (which\n is a default configuration setting). After filling the buffer, a long header\n string is sent. In a successful attempt, it overwrites the ACL for the 'MAIL\n FROM' command. By sending a second message, the string we sent will be evaluated\n with 'expand_string' and arbitrary shell commands can be executed.\n\n It is likely that this issue could also be exploited using other techniques such\n as targeting in-band heap management structures, or perhaps even function pointers\n stored in the heap. However, these techniques would likely be far more platform\n specific, more complicated, and less reliable.\n\n This bug was original found and reported in December 2008, but was not\n properly handled as a security issue. Therefore, there was a 2 year lag time\n between when the issue was fixed and when it was discovered being exploited\n in the wild. At that point, the issue was assigned a CVE and began being\n addressed by downstream vendors.\n\n An additional vulnerability, CVE-2010-4345, was also used in the attack that\n led to the discovery of danger of this bug. This bug allows a local user to\n gain root privileges from the Exim user account. If the Perl interpreter is\n found on the remote system, this module will automatically exploit the\n secondary bug as well to get root.", "required_action": null, "due_date": null, "notes": "Reliability:\n - unknown-reliability\nStability:\n - unknown-stability\nSideEffects:\n - unknown-side-effects\n", "known_ransomware_campaign_use": false, "source_date_published": "2010-12-07", "exploit_type": null, "platform": "Unix", "source_date_updated": null, "data_source": "Metasploit", "source_url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/smtp/exim4_string_format.rb" }, { "date_added": "2022-03-25", "description": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.", "required_action": "Apply updates per vendor instructions.", "due_date": "2022-04-15", "notes": "https://nvd.nist.gov/vuln/detail/CVE-2010-4344", "known_ransomware_campaign_use": false, "source_date_published": null, "exploit_type": null, "platform": null, "source_date_updated": null, "data_source": "KEV", "source_url": null } ], "severity_range_score": "9.3 - 9.8", "exploitability": "2.0", "weighted_severity": "8.8", "risk_score": 10.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ynbw-8a6a-sug8" }