Search for vulnerabilities
Vulnerability details: VCID-xagu-s6bk-aaap
Vulnerability ID VCID-xagu-s6bk-aaap
Aliases CVE-2010-4344
Summary Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3.1 9.8 ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
cvssv3.1 9.8 ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
ssvc Act ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
ssvc Act ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
cvssv3.1 9.8 http://atmail.com/blog/2010/atmail-6204-now-available/
cvssv3.1 9.8 http://atmail.com/blog/2010/atmail-6204-now-available/
ssvc Act http://atmail.com/blog/2010/atmail-6204-now-available/
ssvc Act http://atmail.com/blog/2010/atmail-6204-now-available/
cvssv3.1 9.8 http://bugs.exim.org/show_bug.cgi?id=787
cvssv3.1 9.8 http://bugs.exim.org/show_bug.cgi?id=787
ssvc Act http://bugs.exim.org/show_bug.cgi?id=787
ssvc Act http://bugs.exim.org/show_bug.cgi?id=787
cvssv3.1 9.8 http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
cvssv3.1 9.8 http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
ssvc Act http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
ssvc Act http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
cvssv3.1 9.8 http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
cvssv3.1 9.8 http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
ssvc Act http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
ssvc Act http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
cvssv3.1 9.8 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
cvssv3.1 9.8 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
ssvc Act http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
cvssv3.1 9.8 http://openwall.com/lists/oss-security/2010/12/10/1
cvssv3.1 9.8 http://openwall.com/lists/oss-security/2010/12/10/1
ssvc Act http://openwall.com/lists/oss-security/2010/12/10/1
ssvc Act http://openwall.com/lists/oss-security/2010/12/10/1
rhas Critical https://access.redhat.com/errata/RHSA-2010:0970
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.57471 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.61776 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.74965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.74965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.74965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.74965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.74965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.74965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.74965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.74965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.74965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.74965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.75465 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.83965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.83965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.83965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
epss 0.83965 https://api.first.org/data/v1/epss?cve=CVE-2010-4344
cvssv3.1 9.8 https://bugzilla.redhat.com/show_bug.cgi?id=661756
cvssv3.1 9.8 https://bugzilla.redhat.com/show_bug.cgi?id=661756
ssvc Act https://bugzilla.redhat.com/show_bug.cgi?id=661756
ssvc Act https://bugzilla.redhat.com/show_bug.cgi?id=661756
cvssv3.1 9.8 http://secunia.com/advisories/40019
cvssv3.1 9.8 http://secunia.com/advisories/40019
ssvc Act http://secunia.com/advisories/40019
ssvc Act http://secunia.com/advisories/40019
cvssv3.1 9.8 http://secunia.com/advisories/42576
cvssv3.1 9.8 http://secunia.com/advisories/42576
ssvc Act http://secunia.com/advisories/42576
ssvc Act http://secunia.com/advisories/42576
cvssv3.1 9.8 http://secunia.com/advisories/42586
cvssv3.1 9.8 http://secunia.com/advisories/42586
ssvc Act http://secunia.com/advisories/42586
ssvc Act http://secunia.com/advisories/42586
cvssv3.1 9.8 http://secunia.com/advisories/42587
cvssv3.1 9.8 http://secunia.com/advisories/42587
ssvc Act http://secunia.com/advisories/42587
ssvc Act http://secunia.com/advisories/42587
cvssv3.1 9.8 http://secunia.com/advisories/42589
cvssv3.1 9.8 http://secunia.com/advisories/42589
ssvc Act http://secunia.com/advisories/42589
ssvc Act http://secunia.com/advisories/42589
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2010-4344
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2010-4344
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2010-4344
cvssv3.1 9.8 http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
cvssv3.1 9.8 http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
ssvc Act http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
ssvc Act http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
cvssv3.1 9.8 http://www.debian.org/security/2010/dsa-2131
cvssv3.1 9.8 http://www.debian.org/security/2010/dsa-2131
ssvc Act http://www.debian.org/security/2010/dsa-2131
ssvc Act http://www.debian.org/security/2010/dsa-2131
cvssv3.1 9.8 http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
cvssv3.1 9.8 http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
ssvc Act http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
ssvc Act http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
cvssv3.1 9.8 http://www.kb.cert.org/vuls/id/682457
cvssv3.1 9.8 http://www.kb.cert.org/vuls/id/682457
ssvc Act http://www.kb.cert.org/vuls/id/682457
ssvc Act http://www.kb.cert.org/vuls/id/682457
cvssv3.1 9.8 http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
cvssv3.1 9.8 http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
ssvc Act http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
ssvc Act http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
cvssv3.1 9.8 http://www.openwall.com/lists/oss-security/2021/05/04/7
cvssv3.1 9.8 http://www.openwall.com/lists/oss-security/2021/05/04/7
ssvc Act http://www.openwall.com/lists/oss-security/2021/05/04/7
ssvc Act http://www.openwall.com/lists/oss-security/2021/05/04/7
cvssv3.1 9.8 http://www.osvdb.org/69685
cvssv3.1 9.8 http://www.osvdb.org/69685
ssvc Act http://www.osvdb.org/69685
ssvc Act http://www.osvdb.org/69685
cvssv3.1 9.8 http://www.redhat.com/support/errata/RHSA-2010-0970.html
cvssv3.1 9.8 http://www.redhat.com/support/errata/RHSA-2010-0970.html
ssvc Act http://www.redhat.com/support/errata/RHSA-2010-0970.html
ssvc Act http://www.redhat.com/support/errata/RHSA-2010-0970.html
cvssv3.1 9.8 http://www.securityfocus.com/archive/1/515172/100/0/threaded
cvssv3.1 9.8 http://www.securityfocus.com/archive/1/515172/100/0/threaded
ssvc Act http://www.securityfocus.com/archive/1/515172/100/0/threaded
ssvc Act http://www.securityfocus.com/archive/1/515172/100/0/threaded
cvssv3.1 9.8 http://www.securityfocus.com/bid/45308
cvssv3.1 9.8 http://www.securityfocus.com/bid/45308
ssvc Act http://www.securityfocus.com/bid/45308
ssvc Act http://www.securityfocus.com/bid/45308
cvssv3.1 9.8 http://www.securitytracker.com/id?1024858
cvssv3.1 9.8 http://www.securitytracker.com/id?1024858
ssvc Act http://www.securitytracker.com/id?1024858
ssvc Act http://www.securitytracker.com/id?1024858
cvssv3.1 9.8 http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
cvssv3.1 9.8 http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
ssvc Act http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
ssvc Act http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
cvssv3.1 9.8 http://www.ubuntu.com/usn/USN-1032-1
cvssv3.1 9.8 http://www.ubuntu.com/usn/USN-1032-1
ssvc Act http://www.ubuntu.com/usn/USN-1032-1
ssvc Act http://www.ubuntu.com/usn/USN-1032-1
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3171
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3171
ssvc Act http://www.vupen.com/english/advisories/2010/3171
ssvc Act http://www.vupen.com/english/advisories/2010/3171
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3172
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3172
ssvc Act http://www.vupen.com/english/advisories/2010/3172
ssvc Act http://www.vupen.com/english/advisories/2010/3172
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3181
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3181
ssvc Act http://www.vupen.com/english/advisories/2010/3181
ssvc Act http://www.vupen.com/english/advisories/2010/3181
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3186
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3186
ssvc Act http://www.vupen.com/english/advisories/2010/3186
ssvc Act http://www.vupen.com/english/advisories/2010/3186
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3204
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3204
ssvc Act http://www.vupen.com/english/advisories/2010/3204
ssvc Act http://www.vupen.com/english/advisories/2010/3204
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3246
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3246
ssvc Act http://www.vupen.com/english/advisories/2010/3246
ssvc Act http://www.vupen.com/english/advisories/2010/3246
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3317
cvssv3.1 9.8 http://www.vupen.com/english/advisories/2010/3317
ssvc Act http://www.vupen.com/english/advisories/2010/3317
ssvc Act http://www.vupen.com/english/advisories/2010/3317
Reference id Reference type URL
ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
http://atmail.com/blog/2010/atmail-6204-now-available/
http://bugs.exim.org/show_bug.cgi?id=787
http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
http://openwall.com/lists/oss-security/2010/12/10/1
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4344.json
https://api.first.org/data/v1/epss?cve=CVE-2010-4344
https://bugzilla.redhat.com/show_bug.cgi?id=661756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4344
http://secunia.com/advisories/40019
http://secunia.com/advisories/42576
http://secunia.com/advisories/42586
http://secunia.com/advisories/42587
http://secunia.com/advisories/42589
http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
http://www.debian.org/security/2010/dsa-2131
http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
http://www.kb.cert.org/vuls/id/682457
http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
http://www.openwall.com/lists/oss-security/2021/05/04/7
http://www.osvdb.org/69685
http://www.redhat.com/support/errata/RHSA-2010-0970.html
http://www.securityfocus.com/archive/1/515172/100/0/threaded
http://www.securityfocus.com/bid/45308
http://www.securitytracker.com/id?1024858
http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
http://www.ubuntu.com/usn/USN-1032-1
http://www.vupen.com/english/advisories/2010/3171
http://www.vupen.com/english/advisories/2010/3172
http://www.vupen.com/english/advisories/2010/3181
http://www.vupen.com/english/advisories/2010/3186
http://www.vupen.com/english/advisories/2010/3204
http://www.vupen.com/english/advisories/2010/3246
http://www.vupen.com/english/advisories/2010/3317
606612 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606612
cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:2.10:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:2.11:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:2.12:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.00:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.01:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.02:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.03:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.10:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.11:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.12:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.13:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.14:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.15:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.16:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.20:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.21:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.22:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.30:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.31:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.32:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.33:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.34:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.35:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:3.36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:3.36:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.00:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.01:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.02:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.03:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.04:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.05:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.10:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.11:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.12:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.14:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.20:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.21:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.22:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.23:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.24:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.30:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.31:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.32:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.33:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.34:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.40:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.41:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.42:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.43:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.44:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.50:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.51:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.52:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.53:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.54:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.60:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.61:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.62:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.63:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.64:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.65:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.66:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.67:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:exim:exim:4.68:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
CVE-2010-4344 https://nvd.nist.gov/vuln/detail/CVE-2010-4344
CVE-2010-4344;OSVDB-69685 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/15725.pl
CVE-2010-4345;CVE-2010-4344;OSVDB-69685 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/16925.rb
GLSA-201401-32 https://security.gentoo.org/glsa/201401-32
RHSA-2010:0970 https://access.redhat.com/errata/RHSA-2010:0970
USN-1032-1 https://usn.ubuntu.com/1032-1/
Data source Exploit-DB
Date added Dec. 16, 2010
Description Exim4 < 4.69 - string_format Function Heap Buffer Overflow (Metasploit)
Ransomware campaign use Known
Source publication date Dec. 16, 2010
Exploit type remote
Platform linux
Source update date March 6, 2011
Data source Metasploit
Description This module exploits a heap buffer overflow within versions of Exim prior to version 4.69. By sending a specially crafted message, an attacker can corrupt the heap and execute arbitrary code with the privileges of the Exim daemon. The root cause is that no check is made to ensure that the buffer is not full prior to handling '%s' format specifiers within the 'string_vformat' function. In order to trigger this issue, we get our message rejected by sending a message that is too large. This will call into log_write to log rejection headers (which is a default configuration setting). After filling the buffer, a long header string is sent. In a successful attempt, it overwrites the ACL for the 'MAIL FROM' command. By sending a second message, the string we sent will be evaluated with 'expand_string' and arbitrary shell commands can be executed. It is likely that this issue could also be exploited using other techniques such as targeting in-band heap management structures, or perhaps even function pointers stored in the heap. However, these techniques would likely be far more platform specific, more complicated, and less reliable. This bug was original found and reported in December 2008, but was not properly handled as a security issue. Therefore, there was a 2 year lag time between when the issue was fixed and when it was discovered being exploited in the wild. At that point, the issue was assigned a CVE and began being addressed by downstream vendors. An additional vulnerability, CVE-2010-4345, was also used in the attack that led to the discovery of danger of this bug. This bug allows a local user to gain root privileges from the Exim user account. If the Perl interpreter is found on the remote system, this module will automatically exploit the secondary bug as well to get root.
Note 
{}
Ransomware campaign use Unknown
Source publication date Dec. 7, 2010
Platform Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/smtp/exim4_string_format.rb
Data source KEV
Date added March 25, 2022
Description Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.
Required action Apply updates per vendor instructions.
Due date April 15, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2010-4344
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://atmail.com/blog/2010/atmail-6204-now-available/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://atmail.com/blog/2010/atmail-6204-now-available/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://atmail.com/blog/2010/atmail-6204-now-available/
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://atmail.com/blog/2010/atmail-6204-now-available/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://bugs.exim.org/show_bug.cgi?id=787
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://bugs.exim.org/show_bug.cgi?id=787
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://bugs.exim.org/show_bug.cgi?id=787
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://bugs.exim.org/show_bug.cgi?id=787
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://openwall.com/lists/oss-security/2010/12/10/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://openwall.com/lists/oss-security/2010/12/10/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://openwall.com/lists/oss-security/2010/12/10/1
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://openwall.com/lists/oss-security/2010/12/10/1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=661756
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=661756
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=661756
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=661756
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/40019
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/40019
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://secunia.com/advisories/40019
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://secunia.com/advisories/40019
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42576
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42576
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://secunia.com/advisories/42576
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://secunia.com/advisories/42576
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42586
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42586
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://secunia.com/advisories/42586
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://secunia.com/advisories/42586
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42587
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42587
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://secunia.com/advisories/42587
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://secunia.com/advisories/42587
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42589
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://secunia.com/advisories/42589
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://secunia.com/advisories/42589
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://secunia.com/advisories/42589
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4344
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4344
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2010-4344
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2010/dsa-2131
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2010/dsa-2131
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.debian.org/security/2010/dsa-2131
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.debian.org/security/2010/dsa-2131
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.kb.cert.org/vuls/id/682457
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.kb.cert.org/vuls/id/682457
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.kb.cert.org/vuls/id/682457
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.kb.cert.org/vuls/id/682457
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/05/04/7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2021/05/04/7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.openwall.com/lists/oss-security/2021/05/04/7
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.openwall.com/lists/oss-security/2021/05/04/7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.osvdb.org/69685
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.osvdb.org/69685
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.osvdb.org/69685
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.osvdb.org/69685
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.redhat.com/support/errata/RHSA-2010-0970.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.redhat.com/support/errata/RHSA-2010-0970.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.redhat.com/support/errata/RHSA-2010-0970.html
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.redhat.com/support/errata/RHSA-2010-0970.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/archive/1/515172/100/0/threaded
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/archive/1/515172/100/0/threaded
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.securityfocus.com/archive/1/515172/100/0/threaded
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.securityfocus.com/archive/1/515172/100/0/threaded
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/45308
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/45308
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.securityfocus.com/bid/45308
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.securityfocus.com/bid/45308
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id?1024858
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id?1024858
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.securitytracker.com/id?1024858
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.securitytracker.com/id?1024858
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-1032-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.ubuntu.com/usn/USN-1032-1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.ubuntu.com/usn/USN-1032-1
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.ubuntu.com/usn/USN-1032-1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3171
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3171
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3171
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3171
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3172
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3172
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3172
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3172
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3181
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3181
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3181
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3181
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3186
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3186
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3186
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3186
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3204
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3204
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3204
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3204
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3246
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3246
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3246
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3246
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3317
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.vupen.com/english/advisories/2010/3317
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3317
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:23:46Z/ Found at http://www.vupen.com/english/advisories/2010/3317
Exploit Prediction Scoring System (EPSS)
Percentile 0.97968
EPSS Score 0.57471
Published At March 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.