csaf_opensuse - opensuse-su-2024:10017-1

opensuse-su-2024:10017-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

exim-4.86.2-2.2 on GA media

Notes

Title of the patch

exim-4.86.2-2.2 on GA media

Description of the patch

These are all security issues fixed in the exim-4.86.2-2.2 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10017

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "exim-4.86.2-2.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the exim-4.86.2-2.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10017",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10017-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2010-2023 page",
        "url": "https://www.suse.com/security/cve/CVE-2010-2023/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2010-2024 page",
        "url": "https://www.suse.com/security/cve/CVE-2010-2024/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2010-4344 page",
        "url": "https://www.suse.com/security/cve/CVE-2010-4344/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2010-4345 page",
        "url": "https://www.suse.com/security/cve/CVE-2010-4345/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2011-0017 page",
        "url": "https://www.suse.com/security/cve/CVE-2011-0017/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2011-1407 page",
        "url": "https://www.suse.com/security/cve/CVE-2011-1407/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2011-1764 page",
        "url": "https://www.suse.com/security/cve/CVE-2011-1764/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-5671 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-5671/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-2957 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-2957/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-2972 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-2972/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-1531 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-1531/"
      }
    ],
    "title": "exim-4.86.2-2.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10017-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "exim-4.86.2-2.2.aarch64",
                "product": {
                  "name": "exim-4.86.2-2.2.aarch64",
                  "product_id": "exim-4.86.2-2.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "eximon-4.86.2-2.2.aarch64",
                "product": {
                  "name": "eximon-4.86.2-2.2.aarch64",
                  "product_id": "eximon-4.86.2-2.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "eximstats-html-4.86.2-2.2.aarch64",
                "product": {
                  "name": "eximstats-html-4.86.2-2.2.aarch64",
                  "product_id": "eximstats-html-4.86.2-2.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "exim-4.86.2-2.2.ppc64le",
                "product": {
                  "name": "exim-4.86.2-2.2.ppc64le",
                  "product_id": "exim-4.86.2-2.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "eximon-4.86.2-2.2.ppc64le",
                "product": {
                  "name": "eximon-4.86.2-2.2.ppc64le",
                  "product_id": "eximon-4.86.2-2.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "eximstats-html-4.86.2-2.2.ppc64le",
                "product": {
                  "name": "eximstats-html-4.86.2-2.2.ppc64le",
                  "product_id": "eximstats-html-4.86.2-2.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "exim-4.86.2-2.2.s390x",
                "product": {
                  "name": "exim-4.86.2-2.2.s390x",
                  "product_id": "exim-4.86.2-2.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "eximon-4.86.2-2.2.s390x",
                "product": {
                  "name": "eximon-4.86.2-2.2.s390x",
                  "product_id": "eximon-4.86.2-2.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "eximstats-html-4.86.2-2.2.s390x",
                "product": {
                  "name": "eximstats-html-4.86.2-2.2.s390x",
                  "product_id": "eximstats-html-4.86.2-2.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "exim-4.86.2-2.2.x86_64",
                "product": {
                  "name": "exim-4.86.2-2.2.x86_64",
                  "product_id": "exim-4.86.2-2.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "eximon-4.86.2-2.2.x86_64",
                "product": {
                  "name": "eximon-4.86.2-2.2.x86_64",
                  "product_id": "eximon-4.86.2-2.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "eximstats-html-4.86.2-2.2.x86_64",
                "product": {
                  "name": "eximstats-html-4.86.2-2.2.x86_64",
                  "product_id": "eximstats-html-4.86.2-2.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "exim-4.86.2-2.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64"
        },
        "product_reference": "exim-4.86.2-2.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "exim-4.86.2-2.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le"
        },
        "product_reference": "exim-4.86.2-2.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "exim-4.86.2-2.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x"
        },
        "product_reference": "exim-4.86.2-2.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "exim-4.86.2-2.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64"
        },
        "product_reference": "exim-4.86.2-2.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximon-4.86.2-2.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64"
        },
        "product_reference": "eximon-4.86.2-2.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximon-4.86.2-2.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le"
        },
        "product_reference": "eximon-4.86.2-2.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximon-4.86.2-2.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x"
        },
        "product_reference": "eximon-4.86.2-2.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximon-4.86.2-2.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64"
        },
        "product_reference": "eximon-4.86.2-2.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximstats-html-4.86.2-2.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64"
        },
        "product_reference": "eximstats-html-4.86.2-2.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximstats-html-4.86.2-2.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le"
        },
        "product_reference": "eximstats-html-4.86.2-2.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximstats-html-4.86.2-2.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x"
        },
        "product_reference": "eximstats-html-4.86.2-2.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximstats-html-4.86.2-2.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        },
        "product_reference": "eximstats-html-4.86.2-2.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2010-2023",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2010-2023"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user\u0027s file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2010-2023",
          "url": "https://www.suse.com/security/cve/CVE-2010-2023"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 612549 for CVE-2010-2023",
          "url": "https://bugzilla.suse.com/612549"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2010-2023"
    },
    {
      "cve": "CVE-2010-2024",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2010-2024"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2010-2024",
          "url": "https://www.suse.com/security/cve/CVE-2010-2024"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 612549 for CVE-2010-2024",
          "url": "https://bugzilla.suse.com/612549"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2010-2024"
    },
    {
      "cve": "CVE-2010-4344",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2010-4344"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2010-4344",
          "url": "https://www.suse.com/security/cve/CVE-2010-4344"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 658731 for CVE-2010-4344",
          "url": "https://bugzilla.suse.com/658731"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2010-4344"
    },
    {
      "cve": "CVE-2010-4345",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2010-4345"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2010-4345",
          "url": "https://www.suse.com/security/cve/CVE-2010-4345"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 658731 for CVE-2010-4345",
          "url": "https://bugzilla.suse.com/658731"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2010-4345"
    },
    {
      "cve": "CVE-2011-0017",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2011-0017"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2011-0017",
          "url": "https://www.suse.com/security/cve/CVE-2011-0017"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 668599 for CVE-2011-0017",
          "url": "https://bugzilla.suse.com/668599"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2011-0017"
    },
    {
      "cve": "CVE-2011-1407",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2011-1407"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2011-1407",
          "url": "https://www.suse.com/security/cve/CVE-2011-1407"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 694798 for CVE-2011-1407",
          "url": "https://bugzilla.suse.com/694798"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2011-1407"
    },
    {
      "cve": "CVE-2011-1764",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2011-1764"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2011-1764",
          "url": "https://www.suse.com/security/cve/CVE-2011-1764"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 692227 for CVE-2011-1764",
          "url": "https://bugzilla.suse.com/692227"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2011-1764"
    },
    {
      "cve": "CVE-2012-5671",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-5671"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to \"warn control = dkim_disable_verify,\" allows remote attackers to execute arbitrary code via an email from a malicious DNS server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-5671",
          "url": "https://www.suse.com/security/cve/CVE-2012-5671"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 786652 for CVE-2012-5671",
          "url": "https://bugzilla.suse.com/786652"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2012-5671"
    },
    {
      "cve": "CVE-2014-2957",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-2957"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-2957",
          "url": "https://www.suse.com/security/cve/CVE-2014-2957"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2014-2957"
    },
    {
      "cve": "CVE-2014-2972",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-2972"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-2972",
          "url": "https://www.suse.com/security/cve/CVE-2014-2972"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 888520 for CVE-2014-2972",
          "url": "https://bugzilla.suse.com/888520"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-2972"
    },
    {
      "cve": "CVE-2016-1531",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-1531"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-1531",
          "url": "https://www.suse.com/security/cve/CVE-2016-1531"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968844 for CVE-2016-1531",
          "url": "https://bugzilla.suse.com/968844"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:exim-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximon-4.86.2-2.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.86.2-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-1531"
    }
  ]
}

CVE-2010-2024 (GCVE-0-2010-2024)

Vulnerability from cvelistv5

Published

2010-06-07 14:00

Modified

2024-08-07 02:17

Severity ?

CWE

Summary

transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

References

►

URL

Tags

	http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html	mailing-list, x_refsource_FULLDISC
	https://bugzilla.redhat.com/show_bug.cgi?id=600097	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/1402	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/40454	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2011/0364	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/43243	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/59042	vdb-entry, x_refsource_XF
	http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25&r2=1.26	x_refsource_CONFIRM
	http://secunia.com/advisories/40019	third-party-advisory, x_refsource_SECUNIA
	http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html	mailing-list, x_refsource_MLIST
	http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2	x_refsource_CONFIRM
	http://secunia.com/advisories/40123	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/511653/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-1060-1	vendor-advisory, x_refsource_UBUNTU
	http://bugs.exim.org/show_bug.cgi?id=989	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:14.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20100603 Multiple vulnerabilities in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600097"
          },
          {
            "name": "ADV-2010-1402",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1402"
          },
          {
            "name": "40454",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40454"
          },
          {
            "name": "ADV-2011-0364",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0364"
          },
          {
            "name": "43243",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43243"
          },
          {
            "name": "exim-mbx-symlink(59042)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59042"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25\u0026r2=1.26"
          },
          {
            "name": "40019",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40019"
          },
          {
            "name": "[exim-dev] 20100524 Security issues in exim4 local delivery",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup\u0026pathrev=exim-4_72_RC2"
          },
          {
            "name": "40123",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40123"
          },
          {
            "name": "20100603 Multiple vulnerabilities in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511653/100/0/threaded"
          },
          {
            "name": "FEDORA-2010-9524",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html"
          },
          {
            "name": "SUSE-SR:2010:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
          },
          {
            "name": "USN-1060-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1060-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.exim.org/show_bug.cgi?id=989"
          },
          {
            "name": "FEDORA-2010-9506",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20100603 Multiple vulnerabilities in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600097"
        },
        {
          "name": "ADV-2010-1402",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1402"
        },
        {
          "name": "40454",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40454"
        },
        {
          "name": "ADV-2011-0364",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0364"
        },
        {
          "name": "43243",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43243"
        },
        {
          "name": "exim-mbx-symlink(59042)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59042"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25\u0026r2=1.26"
        },
        {
          "name": "40019",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40019"
        },
        {
          "name": "[exim-dev] 20100524 Security issues in exim4 local delivery",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup\u0026pathrev=exim-4_72_RC2"
        },
        {
          "name": "40123",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40123"
        },
        {
          "name": "20100603 Multiple vulnerabilities in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511653/100/0/threaded"
        },
        {
          "name": "FEDORA-2010-9524",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html"
        },
        {
          "name": "SUSE-SR:2010:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
        },
        {
          "name": "USN-1060-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1060-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.exim.org/show_bug.cgi?id=989"
        },
        {
          "name": "FEDORA-2010-9506",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100603 Multiple vulnerabilities in Exim",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=600097",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600097"
            },
            {
              "name": "ADV-2010-1402",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1402"
            },
            {
              "name": "40454",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40454"
            },
            {
              "name": "ADV-2011-0364",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0364"
            },
            {
              "name": "43243",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43243"
            },
            {
              "name": "exim-mbx-symlink(59042)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59042"
            },
            {
              "name": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25\u0026r2=1.26",
              "refsource": "CONFIRM",
              "url": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.25\u0026r2=1.26"
            },
            {
              "name": "40019",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40019"
            },
            {
              "name": "[exim-dev] 20100524 Security issues in exim4 local delivery",
              "refsource": "MLIST",
              "url": "http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html"
            },
            {
              "name": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup\u0026pathrev=exim-4_72_RC2",
              "refsource": "CONFIRM",
              "url": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup\u0026pathrev=exim-4_72_RC2"
            },
            {
              "name": "40123",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40123"
            },
            {
              "name": "20100603 Multiple vulnerabilities in Exim",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/511653/100/0/threaded"
            },
            {
              "name": "FEDORA-2010-9524",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html"
            },
            {
              "name": "SUSE-SR:2010:014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
            },
            {
              "name": "USN-1060-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1060-1"
            },
            {
              "name": "http://bugs.exim.org/show_bug.cgi?id=989",
              "refsource": "CONFIRM",
              "url": "http://bugs.exim.org/show_bug.cgi?id=989"
            },
            {
              "name": "FEDORA-2010-9506",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2024",
    "datePublished": "2010-06-07T14:00:00",
    "dateReserved": "2010-05-24T00:00:00",
    "dateUpdated": "2024-08-07T02:17:14.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-5671 (GCVE-0-2012-5671)

Vulnerability from cvelistv5

Published

2012-10-31 16:00

Modified

2024-08-06 21:14

Severity ?

CWE

Summary

Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.

References

►

URL

Tags

	http://secunia.com/advisories/51115	third-party-advisory, x_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2012/10/26/5	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/51155	third-party-advisory, x_refsource_SECUNIA
	https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html	mailing-list, x_refsource_MLIST
	http://www.ubuntu.com/usn/USN-1618-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/51098	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090900.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090963.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/51153	third-party-advisory, x_refsource_SECUNIA
	http://osvdb.org/86616	vdb-entry, x_refsource_OSVDB
	http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/56285	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/79615	vdb-entry, x_refsource_XF
	http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2012/dsa-2566	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:14:16.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "51115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51115"
          },
          {
            "name": "[oss-security] 20121027 CVE-2012-5671: Exim \u003c= 4.80 DKIM heap-based buffer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/10/26/5"
          },
          {
            "name": "51155",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51155"
          },
          {
            "name": "[exim-announce] 20121026 Exim 4.80.1 Security Release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html"
          },
          {
            "name": "USN-1618-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1618-1"
          },
          {
            "name": "51098",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51098"
          },
          {
            "name": "FEDORA-2012-17044",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090900.html"
          },
          {
            "name": "FEDORA-2012-17085",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090963.html"
          },
          {
            "name": "51153",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51153"
          },
          {
            "name": "86616",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/86616"
          },
          {
            "name": "openSUSE-SU-2012:1404",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00018.html"
          },
          {
            "name": "56285",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/56285"
          },
          {
            "name": "exim-dkimeximquerydnstxt-bo(79615)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79615"
          },
          {
            "name": "FEDORA-2012-16899",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html"
          },
          {
            "name": "DSA-2566",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2566"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-10-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to \"warn control = dkim_disable_verify,\" allows remote attackers to execute arbitrary code via an email from a malicious DNS server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "51115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51115"
        },
        {
          "name": "[oss-security] 20121027 CVE-2012-5671: Exim \u003c= 4.80 DKIM heap-based buffer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/10/26/5"
        },
        {
          "name": "51155",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51155"
        },
        {
          "name": "[exim-announce] 20121026 Exim 4.80.1 Security Release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html"
        },
        {
          "name": "USN-1618-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1618-1"
        },
        {
          "name": "51098",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51098"
        },
        {
          "name": "FEDORA-2012-17044",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090900.html"
        },
        {
          "name": "FEDORA-2012-17085",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090963.html"
        },
        {
          "name": "51153",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51153"
        },
        {
          "name": "86616",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/86616"
        },
        {
          "name": "openSUSE-SU-2012:1404",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00018.html"
        },
        {
          "name": "56285",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/56285"
        },
        {
          "name": "exim-dkimeximquerydnstxt-bo(79615)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79615"
        },
        {
          "name": "FEDORA-2012-16899",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html"
        },
        {
          "name": "DSA-2566",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2566"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5671",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to \"warn control = dkim_disable_verify,\" allows remote attackers to execute arbitrary code via an email from a malicious DNS server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "51115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51115"
            },
            {
              "name": "[oss-security] 20121027 CVE-2012-5671: Exim \u003c= 4.80 DKIM heap-based buffer overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/10/26/5"
            },
            {
              "name": "51155",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51155"
            },
            {
              "name": "[exim-announce] 20121026 Exim 4.80.1 Security Release",
              "refsource": "MLIST",
              "url": "https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html"
            },
            {
              "name": "USN-1618-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1618-1"
            },
            {
              "name": "51098",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51098"
            },
            {
              "name": "FEDORA-2012-17044",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090900.html"
            },
            {
              "name": "FEDORA-2012-17085",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090963.html"
            },
            {
              "name": "51153",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51153"
            },
            {
              "name": "86616",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/86616"
            },
            {
              "name": "openSUSE-SU-2012:1404",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00018.html"
            },
            {
              "name": "56285",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/56285"
            },
            {
              "name": "exim-dkimeximquerydnstxt-bo(79615)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79615"
            },
            {
              "name": "FEDORA-2012-16899",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091664.html"
            },
            {
              "name": "DSA-2566",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2566"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5671",
    "datePublished": "2012-10-31T16:00:00",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:14:16.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1531 (GCVE-0-2016-1531)

Vulnerability from cvelistv5

Published

2016-04-07 23:00

Modified

2024-08-05 23:02

Severity ?

CWE

Summary

Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.

References

►

URL

Tags

	http://www.debian.org/security/2016/dsa-3517	vendor-advisory, x_refsource_DEBIAN
	https://www.exploit-db.com/exploits/39535/	exploit, x_refsource_EXPLOIT-DB
	http://www.securitytracker.com/id/1035512	vdb-entry, x_refsource_SECTRACK
	http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html	vendor-advisory, x_refsource_SUSE
	https://www.exploit-db.com/exploits/39702/	exploit, x_refsource_EXPLOIT-DB
	http://www.ubuntu.com/usn/USN-2933-1	vendor-advisory, x_refsource_UBUNTU
	http://www.exim.org/static/doc/CVE-2016-1531.txt	x_refsource_CONFIRM
	http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup	x_refsource_MISC
	https://www.exploit-db.com/exploits/39549/	exploit, x_refsource_EXPLOIT-DB

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:02:11.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3517",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3517"
          },
          {
            "name": "39535",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39535/"
          },
          {
            "name": "1035512",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035512"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html"
          },
          {
            "name": "openSUSE-SU-2016:0721",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html"
          },
          {
            "name": "39702",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39702/"
          },
          {
            "name": "USN-2933-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2933-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.exim.org/static/doc/CVE-2016-1531.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup"
          },
          {
            "name": "39549",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39549/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T09:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "DSA-3517",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3517"
        },
        {
          "name": "39535",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39535/"
        },
        {
          "name": "1035512",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035512"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html"
        },
        {
          "name": "openSUSE-SU-2016:0721",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html"
        },
        {
          "name": "39702",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39702/"
        },
        {
          "name": "USN-2933-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2933-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.exim.org/static/doc/CVE-2016-1531.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup"
        },
        {
          "name": "39549",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39549/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-1531",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3517",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3517"
            },
            {
              "name": "39535",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39535/"
            },
            {
              "name": "1035512",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035512"
            },
            {
              "name": "http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html"
            },
            {
              "name": "openSUSE-SU-2016:0721",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html"
            },
            {
              "name": "39702",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39702/"
            },
            {
              "name": "USN-2933-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2933-1"
            },
            {
              "name": "http://www.exim.org/static/doc/CVE-2016-1531.txt",
              "refsource": "CONFIRM",
              "url": "http://www.exim.org/static/doc/CVE-2016-1531.txt"
            },
            {
              "name": "http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup",
              "refsource": "MISC",
              "url": "http://www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup"
            },
            {
              "name": "39549",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39549/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-1531",
    "datePublished": "2016-04-07T23:00:00",
    "dateReserved": "2016-01-07T00:00:00",
    "dateUpdated": "2024-08-05T23:02:11.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2957 (GCVE-0-2014-2957)

Vulnerability from cvelistv5

Published

2014-09-04 17:00

Modified

2024-08-06 10:28

Severity ?

CWE

Summary

The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

References

►

URL

Tags

	https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html	mailing-list, x_refsource_MLIST
	http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2021/05/04/7	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[exim-announce] 20140528 [exim] Exim 4.82.1 Security Release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0"
          },
          {
            "name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-04T17:06:34",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "[exim-announce] 20140528 [exim] Exim 4.82.1 Security Release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0"
        },
        {
          "name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2014-2957",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[exim-announce] 20140528 [exim] Exim 4.82.1 Security Release",
              "refsource": "MLIST",
              "url": "https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html"
            },
            {
              "name": "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0",
              "refsource": "CONFIRM",
              "url": "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0"
            },
            {
              "name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2014-2957",
    "datePublished": "2014-09-04T17:00:00",
    "dateReserved": "2014-04-21T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-0017 (GCVE-0-2011-0017)

Vulnerability from cvelistv5

Published

2011-02-02 00:00

Modified

2024-08-06 21:36

Severity ?

CWE

Summary

The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.

References

►

URL

Tags

	http://secunia.com/advisories/43128	third-party-advisory, x_refsource_SECUNIA
	http://osvdb.org/70696	vdb-entry, x_refsource_OSVDB
	ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/0364	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/46065	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/43243	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/65028	vdb-entry, x_refsource_XF
	http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html	mailing-list, x_refsource_MLIST
	http://www.vupen.com/english/advisories/2011/0224	vdb-entry, x_refsource_VUPEN
	http://www.debian.org/security/2011/dsa-2154	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://www.vupen.com/english/advisories/2011/0464	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/43101	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2011/0245	vdb-entry, x_refsource_VUPEN
	http://www.ubuntu.com/usn/USN-1060-1	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:36:02.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43128",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43128"
          },
          {
            "name": "70696",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/70696"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74"
          },
          {
            "name": "ADV-2011-0364",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0364"
          },
          {
            "name": "46065",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46065"
          },
          {
            "name": "43243",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43243"
          },
          {
            "name": "exim-openlog-privilege-escalation(65028)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65028"
          },
          {
            "name": "[exim-announce] 20110125 Exim 4.74 Release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html"
          },
          {
            "name": "ADV-2011-0224",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0224"
          },
          {
            "name": "DSA-2154",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2154"
          },
          {
            "name": "SUSE-SR:2011:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
          },
          {
            "name": "ADV-2011-0464",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0464"
          },
          {
            "name": "43101",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43101"
          },
          {
            "name": "ADV-2011-0245",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0245"
          },
          {
            "name": "USN-1060-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1060-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-01-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "43128",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43128"
        },
        {
          "name": "70696",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/70696"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74"
        },
        {
          "name": "ADV-2011-0364",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0364"
        },
        {
          "name": "46065",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46065"
        },
        {
          "name": "43243",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43243"
        },
        {
          "name": "exim-openlog-privilege-escalation(65028)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65028"
        },
        {
          "name": "[exim-announce] 20110125 Exim 4.74 Release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.exim.org/lurker/message/20110126.034702.4d69c278.en.html"
        },
        {
          "name": "ADV-2011-0224",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0224"
        },
        {
          "name": "DSA-2154",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2154"
        },
        {
          "name": "SUSE-SR:2011:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html"
        },
        {
          "name": "ADV-2011-0464",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0464"
        },
        {
          "name": "43101",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43101"
        },
        {
          "name": "ADV-2011-0245",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0245"
        },
        {
          "name": "USN-1060-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1060-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-0017",
    "datePublished": "2011-02-02T00:00:00",
    "dateReserved": "2010-12-07T00:00:00",
    "dateUpdated": "2024-08-06T21:36:02.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2972 (GCVE-0-2014-2972)

Vulnerability from cvelistv5

Published

2014-09-04 17:00

Modified

2024-08-06 10:28

Severity ?

CWE

Summary

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value.

References

►

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136264.html	vendor-advisory, x_refsource_FEDORA
	http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136251.html	vendor-advisory, x_refsource_FEDORA
	https://lists.exim.org/lurker/message/20140722.145949.42c043f5.en.html	mailing-list, x_refsource_MLIST
	https://lists.exim.org/lurker/message/20140722.152452.d6c019e8.en.html	mailing-list, x_refsource_MLIST
	https://security.gentoo.org/glsa/201607-12	vendor-advisory, x_refsource_GENTOO
	http://www.ubuntu.com/usn/USN-2933-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1122552	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2014-8865",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136264.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44"
          },
          {
            "name": "FEDORA-2014-8803",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136251.html"
          },
          {
            "name": "[exim] 20140722 [exim] Exim 4.83 Released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.exim.org/lurker/message/20140722.145949.42c043f5.en.html"
          },
          {
            "name": "[exim] 20140722 [exim] Exim Security Advisory CVE-2014-2972",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.exim.org/lurker/message/20140722.152452.d6c019e8.en.html"
          },
          {
            "name": "GLSA-201607-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201607-12"
          },
          {
            "name": "USN-2933-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2933-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122552"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T18:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "FEDORA-2014-8865",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136264.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44"
        },
        {
          "name": "FEDORA-2014-8803",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136251.html"
        },
        {
          "name": "[exim] 20140722 [exim] Exim 4.83 Released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.exim.org/lurker/message/20140722.145949.42c043f5.en.html"
        },
        {
          "name": "[exim] 20140722 [exim] Exim Security Advisory CVE-2014-2972",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.exim.org/lurker/message/20140722.152452.d6c019e8.en.html"
        },
        {
          "name": "GLSA-201607-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201607-12"
        },
        {
          "name": "USN-2933-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2933-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122552"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2014-2972",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2014-8865",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136264.html"
            },
            {
              "name": "http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44",
              "refsource": "CONFIRM",
              "url": "http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44"
            },
            {
              "name": "FEDORA-2014-8803",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136251.html"
            },
            {
              "name": "[exim] 20140722 [exim] Exim 4.83 Released",
              "refsource": "MLIST",
              "url": "https://lists.exim.org/lurker/message/20140722.145949.42c043f5.en.html"
            },
            {
              "name": "[exim] 20140722 [exim] Exim Security Advisory CVE-2014-2972",
              "refsource": "MLIST",
              "url": "https://lists.exim.org/lurker/message/20140722.152452.d6c019e8.en.html"
            },
            {
              "name": "GLSA-201607-12",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201607-12"
            },
            {
              "name": "USN-2933-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2933-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1122552",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122552"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2014-2972",
    "datePublished": "2014-09-04T17:00:00",
    "dateReserved": "2014-04-21T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1764 (GCVE-0-2011-1764)

Vulnerability from cvelistv5

Published

2011-10-05 01:00

Modified

2024-08-06 22:37

Severity ?

CWE

Summary

Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.

References

►

URL

Tags

	http://secunia.com/advisories/51155	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2011/dsa-2232	vendor-advisory, x_refsource_DEBIAN
	http://git.exim.org/exim.git/commit/337e3505b0e6cd4309db6bf6062b33fa56e06cf8	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=702474	x_refsource_CONFIRM
	http://bugs.exim.org/show_bug.cgi?id=1106	x_refsource_CONFIRM
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:37:25.837Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "51155",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51155"
          },
          {
            "name": "SUSE-SR:2011:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "name": "DSA-2232",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2232"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.exim.org/exim.git/commit/337e3505b0e6cd4309db6bf6062b33fa56e06cf8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702474"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.exim.org/show_bug.cgi?id=1106"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-10T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "51155",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51155"
        },
        {
          "name": "SUSE-SR:2011:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
        },
        {
          "name": "DSA-2232",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2232"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.exim.org/exim.git/commit/337e3505b0e6cd4309db6bf6062b33fa56e06cf8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702474"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.exim.org/show_bug.cgi?id=1106"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1764",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "51155",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51155"
            },
            {
              "name": "SUSE-SR:2011:009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            },
            {
              "name": "DSA-2232",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2232"
            },
            {
              "name": "http://git.exim.org/exim.git/commit/337e3505b0e6cd4309db6bf6062b33fa56e06cf8",
              "refsource": "CONFIRM",
              "url": "http://git.exim.org/exim.git/commit/337e3505b0e6cd4309db6bf6062b33fa56e06cf8"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=702474",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702474"
            },
            {
              "name": "http://bugs.exim.org/show_bug.cgi?id=1106",
              "refsource": "CONFIRM",
              "url": "http://bugs.exim.org/show_bug.cgi?id=1106"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624670"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1764",
    "datePublished": "2011-10-05T01:00:00",
    "dateReserved": "2011-04-19T00:00:00",
    "dateUpdated": "2024-08-06T22:37:25.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-4344 (GCVE-0-2010-4344)

Vulnerability from cvelistv5

Published

2010-12-14 15:00

Modified

2025-07-30 01:47

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.

References

►

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html	mailing-list, x_refsource_MLIST
	http://bugs.exim.org/show_bug.cgi?id=787	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1024858	vdb-entry, x_refsource_SECTRACK
	http://www.redhat.com/support/errata/RHSA-2010-0970.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2010/3186	vdb-entry, x_refsource_VUPEN
	http://www.securityfocus.com/bid/45308	vdb-entry, x_refsource_BID
	http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format	x_refsource_MISC
	http://atmail.com/blog/2010/atmail-6204-now-available/	x_refsource_CONFIRM
	http://secunia.com/advisories/42576	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/42587	third-party-advisory, x_refsource_SECUNIA
	https://bugzilla.redhat.com/show_bug.cgi?id=661756	x_refsource_CONFIRM
	http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/40019	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3172	vdb-entry, x_refsource_VUPEN
	http://www.kb.cert.org/vuls/id/682457	third-party-advisory, x_refsource_CERT-VN
	http://www.vupen.com/english/advisories/2010/3181	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/42586	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3317	vdb-entry, x_refsource_VUPEN
	http://www.ubuntu.com/usn/USN-1032-1	vendor-advisory, x_refsource_UBUNTU
	http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html	x_refsource_CONFIRM
	http://www.osvdb.org/69685	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/archive/1/515172/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/	x_refsource_MISC
	http://www.vupen.com/english/advisories/2010/3246	vdb-entry, x_refsource_VUPEN
	ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/3204	vdb-entry, x_refsource_VUPEN
	http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b	x_refsource_CONFIRM
	http://www.debian.org/security/2010/dsa-2131	vendor-advisory, x_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2010/3171	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/42589	third-party-advisory, x_refsource_SECUNIA
	http://openwall.com/lists/oss-security/2010/12/10/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/05/04/7	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SA:2010:059",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"
          },
          {
            "name": "[exim-dev] 20101207 Remote root vulnerability in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.exim.org/show_bug.cgi?id=787"
          },
          {
            "name": "1024858",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024858"
          },
          {
            "name": "RHSA-2010:0970",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0970.html"
          },
          {
            "name": "ADV-2010-3186",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3186"
          },
          {
            "name": "45308",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45308"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://atmail.com/blog/2010/atmail-6204-now-available/"
          },
          {
            "name": "42576",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42576"
          },
          {
            "name": "42587",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42587"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661756"
          },
          {
            "name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"
          },
          {
            "name": "40019",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40019"
          },
          {
            "name": "ADV-2010-3172",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3172"
          },
          {
            "name": "VU#682457",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/682457"
          },
          {
            "name": "ADV-2010-3181",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3181"
          },
          {
            "name": "42586",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42586"
          },
          {
            "name": "ADV-2010-3317",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3317"
          },
          {
            "name": "USN-1032-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1032-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html"
          },
          {
            "name": "69685",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/69685"
          },
          {
            "name": "20101213 Exim security issue in historical release",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"
          },
          {
            "name": "ADV-2010-3246",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3246"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70"
          },
          {
            "name": "ADV-2010-3204",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b"
          },
          {
            "name": "DSA-2131",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2131"
          },
          {
            "name": "ADV-2010-3171",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3171"
          },
          {
            "name": "42589",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42589"
          },
          {
            "name": "[oss-security] 20101210 Exim remote root",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/12/10/1"
          },
          {
            "name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2010-4344",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T13:23:46.584337Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4344"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:47:03.322Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-25T00:00:00+00:00",
            "value": "CVE-2010-4344 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-04T17:06:38.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SA:2010:059",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"
        },
        {
          "name": "[exim-dev] 20101207 Remote root vulnerability in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.exim.org/show_bug.cgi?id=787"
        },
        {
          "name": "1024858",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024858"
        },
        {
          "name": "RHSA-2010:0970",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0970.html"
        },
        {
          "name": "ADV-2010-3186",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3186"
        },
        {
          "name": "45308",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45308"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://atmail.com/blog/2010/atmail-6204-now-available/"
        },
        {
          "name": "42576",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42576"
        },
        {
          "name": "42587",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42587"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=661756"
        },
        {
          "name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"
        },
        {
          "name": "40019",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40019"
        },
        {
          "name": "ADV-2010-3172",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3172"
        },
        {
          "name": "VU#682457",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/682457"
        },
        {
          "name": "ADV-2010-3181",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3181"
        },
        {
          "name": "42586",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42586"
        },
        {
          "name": "ADV-2010-3317",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3317"
        },
        {
          "name": "USN-1032-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1032-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html"
        },
        {
          "name": "69685",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/69685"
        },
        {
          "name": "20101213 Exim security issue in historical release",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"
        },
        {
          "name": "ADV-2010-3246",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3246"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.70"
        },
        {
          "name": "ADV-2010-3204",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.exim.org/exim.git/commit/24c929a27415c7cfc7126c47e4cad39acf3efa6b"
        },
        {
          "name": "DSA-2131",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2131"
        },
        {
          "name": "ADV-2010-3171",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3171"
        },
        {
          "name": "42589",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42589"
        },
        {
          "name": "[oss-security] 20101210 Exim remote root",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/12/10/1"
        },
        {
          "name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-4344",
    "datePublished": "2010-12-14T15:00:00.000Z",
    "dateReserved": "2010-11-30T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:47:03.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-2023 (GCVE-0-2010-2023)

Vulnerability from cvelistv5

Published

2010-06-07 14:00

Modified

2024-08-07 02:17

Severity ?

CWE

Summary

transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.

References

►

URL

Tags

	http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html	mailing-list, x_refsource_FULLDISC
	http://www.securityfocus.com/bid/40451	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2010/1402	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2011/0364	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/43243	third-party-advisory, x_refsource_SECUNIA
	http://bugs.exim.org/show_bug.cgi?id=988	x_refsource_CONFIRM
	http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24&r2=1.25	x_refsource_CONFIRM
	http://secunia.com/advisories/40019	third-party-advisory, x_refsource_SECUNIA
	http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html	mailing-list, x_refsource_MLIST
	http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup&pathrev=exim-4_72_RC2	x_refsource_CONFIRM
	http://secunia.com/advisories/40123	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/511653/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://bugzilla.redhat.com/show_bug.cgi?id=600093	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-1060-1	vendor-advisory, x_refsource_UBUNTU
	https://exchange.xforce.ibmcloud.com/vulnerabilities/59043	vdb-entry, x_refsource_XF
	http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:13.771Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20100603 Multiple vulnerabilities in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html"
          },
          {
            "name": "40451",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40451"
          },
          {
            "name": "ADV-2010-1402",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1402"
          },
          {
            "name": "ADV-2011-0364",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0364"
          },
          {
            "name": "43243",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43243"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.exim.org/show_bug.cgi?id=988"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24\u0026r2=1.25"
          },
          {
            "name": "40019",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40019"
          },
          {
            "name": "[exim-dev] 20100524 Security issues in exim4 local delivery",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup\u0026pathrev=exim-4_72_RC2"
          },
          {
            "name": "40123",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40123"
          },
          {
            "name": "20100603 Multiple vulnerabilities in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511653/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600093"
          },
          {
            "name": "FEDORA-2010-9524",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html"
          },
          {
            "name": "SUSE-SR:2010:014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
          },
          {
            "name": "USN-1060-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1060-1"
          },
          {
            "name": "exim-mail-directory-priv-escalation(59043)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59043"
          },
          {
            "name": "FEDORA-2010-9506",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user\u0027s file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20100603 Multiple vulnerabilities in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html"
        },
        {
          "name": "40451",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40451"
        },
        {
          "name": "ADV-2010-1402",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1402"
        },
        {
          "name": "ADV-2011-0364",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0364"
        },
        {
          "name": "43243",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43243"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.exim.org/show_bug.cgi?id=988"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24\u0026r2=1.25"
        },
        {
          "name": "40019",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40019"
        },
        {
          "name": "[exim-dev] 20100524 Security issues in exim4 local delivery",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup\u0026pathrev=exim-4_72_RC2"
        },
        {
          "name": "40123",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40123"
        },
        {
          "name": "20100603 Multiple vulnerabilities in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511653/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600093"
        },
        {
          "name": "FEDORA-2010-9524",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html"
        },
        {
          "name": "SUSE-SR:2010:014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
        },
        {
          "name": "USN-1060-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1060-1"
        },
        {
          "name": "exim-mail-directory-priv-escalation(59043)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59043"
        },
        {
          "name": "FEDORA-2010-9506",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-2023",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user\u0027s file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100603 Multiple vulnerabilities in Exim",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0079.html"
            },
            {
              "name": "40451",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40451"
            },
            {
              "name": "ADV-2010-1402",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1402"
            },
            {
              "name": "ADV-2011-0364",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0364"
            },
            {
              "name": "43243",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43243"
            },
            {
              "name": "http://bugs.exim.org/show_bug.cgi?id=988",
              "refsource": "CONFIRM",
              "url": "http://bugs.exim.org/show_bug.cgi?id=988"
            },
            {
              "name": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24\u0026r2=1.25",
              "refsource": "CONFIRM",
              "url": "http://vcs.exim.org/viewvc/exim/exim-src/src/transports/appendfile.c?r1=1.24\u0026r2=1.25"
            },
            {
              "name": "40019",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40019"
            },
            {
              "name": "[exim-dev] 20100524 Security issues in exim4 local delivery",
              "refsource": "MLIST",
              "url": "http://lists.exim.org/lurker/message/20100524.175925.9a69f755.en.html"
            },
            {
              "name": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup\u0026pathrev=exim-4_72_RC2",
              "refsource": "CONFIRM",
              "url": "http://vcs.exim.org/viewvc/exim/exim-doc/doc-txt/ChangeLog?view=markup\u0026pathrev=exim-4_72_RC2"
            },
            {
              "name": "40123",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40123"
            },
            {
              "name": "20100603 Multiple vulnerabilities in Exim",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/511653/100/0/threaded"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=600093",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=600093"
            },
            {
              "name": "FEDORA-2010-9524",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042613.html"
            },
            {
              "name": "SUSE-SR:2010:014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
            },
            {
              "name": "USN-1060-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1060-1"
            },
            {
              "name": "exim-mail-directory-priv-escalation(59043)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59043"
            },
            {
              "name": "FEDORA-2010-9506",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042587.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-2023",
    "datePublished": "2010-06-07T14:00:00",
    "dateReserved": "2010-05-24T00:00:00",
    "dateUpdated": "2024-08-07T02:17:13.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-4345 (GCVE-0-2010-4345)

Vulnerability from cvelistv5

Published

2010-12-14 15:00

Modified

2025-07-30 01:47

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.

References

►

URL

Tags

	http://secunia.com/advisories/43128	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html	mailing-list, x_refsource_MLIST
	http://www.kb.cert.org/vuls/id/758489	third-party-advisory, x_refsource_CERT-VN
	http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=662012	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2011/0364	vdb-entry, x_refsource_VUPEN
	http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2011-0153.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/45341	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/42930	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/42576	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/43243	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1024859	vdb-entry, x_refsource_SECTRACK
	http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2011/dsa-2154	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/archive/1/515172/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/	x_refsource_MISC
	http://www.vupen.com/english/advisories/2011/0245	vdb-entry, x_refsource_VUPEN
	http://www.vupen.com/english/advisories/2011/0135	vdb-entry, x_refsource_VUPEN
	http://www.ubuntu.com/usn/USN-1060-1	vendor-advisory, x_refsource_UBUNTU
	http://www.vupen.com/english/advisories/2010/3204	vdb-entry, x_refsource_VUPEN
	http://bugs.exim.org/show_bug.cgi?id=1044	x_refsource_CONFIRM
	http://www.debian.org/security/2010/dsa-2131	vendor-advisory, x_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2010/3171	vdb-entry, x_refsource_VUPEN
	http://www.cpanel.net/2010/12/critical-exim-security-update.html	x_refsource_CONFIRM
	http://openwall.com/lists/oss-security/2010/12/10/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/05/04/7	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:43:14.742Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43128",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43128"
          },
          {
            "name": "SUSE-SA:2010:059",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"
          },
          {
            "name": "[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html"
          },
          {
            "name": "VU#758489",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/758489"
          },
          {
            "name": "[exim-dev] 20101207 Remote root vulnerability in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012"
          },
          {
            "name": "ADV-2011-0364",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0364"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"
          },
          {
            "name": "RHSA-2011:0153",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html"
          },
          {
            "name": "45341",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/45341"
          },
          {
            "name": "42930",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42930"
          },
          {
            "name": "42576",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42576"
          },
          {
            "name": "43243",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43243"
          },
          {
            "name": "1024859",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024859"
          },
          {
            "name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"
          },
          {
            "name": "DSA-2154",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2154"
          },
          {
            "name": "20101213 Exim security issue in historical release",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"
          },
          {
            "name": "ADV-2011-0245",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0245"
          },
          {
            "name": "ADV-2011-0135",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0135"
          },
          {
            "name": "USN-1060-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1060-1"
          },
          {
            "name": "ADV-2010-3204",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3204"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.exim.org/show_bug.cgi?id=1044"
          },
          {
            "name": "DSA-2131",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2131"
          },
          {
            "name": "ADV-2010-3171",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3171"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html"
          },
          {
            "name": "[oss-security] 20101210 Exim remote root",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2010/12/10/1"
          },
          {
            "name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2010-4345",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T13:24:14.950730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-4345"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:47:02.836Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-25T00:00:00+00:00",
            "value": "CVE-2010-4345 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-12-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-04T17:06:32.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "43128",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43128"
        },
        {
          "name": "SUSE-SA:2010:059",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html"
        },
        {
          "name": "[exim-dev] 20101209 Re: [Exim-maintainers] Remote root vulnerability in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html"
        },
        {
          "name": "VU#758489",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/758489"
        },
        {
          "name": "[exim-dev] 20101207 Remote root vulnerability in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=662012"
        },
        {
          "name": "ADV-2011-0364",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0364"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format"
        },
        {
          "name": "RHSA-2011:0153",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-0153.html"
        },
        {
          "name": "45341",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/45341"
        },
        {
          "name": "42930",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42930"
        },
        {
          "name": "42576",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42576"
        },
        {
          "name": "43243",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43243"
        },
        {
          "name": "1024859",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024859"
        },
        {
          "name": "[exim-dev] 20101210 Re: Remote root vulnerability in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html"
        },
        {
          "name": "DSA-2154",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2154"
        },
        {
          "name": "20101213 Exim security issue in historical release",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515172/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/"
        },
        {
          "name": "ADV-2011-0245",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0245"
        },
        {
          "name": "ADV-2011-0135",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0135"
        },
        {
          "name": "USN-1060-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1060-1"
        },
        {
          "name": "ADV-2010-3204",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3204"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.exim.org/show_bug.cgi?id=1044"
        },
        {
          "name": "DSA-2131",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2131"
        },
        {
          "name": "ADV-2010-3171",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3171"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cpanel.net/2010/12/critical-exim-security-update.html"
        },
        {
          "name": "[oss-security] 20101210 Exim remote root",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2010/12/10/1"
        },
        {
          "name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-4345",
    "datePublished": "2010-12-14T15:00:00.000Z",
    "dateReserved": "2010-11-30T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:47:02.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2011-1407 (GCVE-0-2011-1407)

Vulnerability from cvelistv5

Published

2011-05-16 18:00

Modified

2024-08-06 22:28

Severity ?

CWE

Summary

The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.

References

►

URL

Tags

	http://www.ubuntu.com/usn/USN-1135-1	vendor-advisory, x_refsource_UBUNTU
	https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2011/dsa-2236	vendor-advisory, x_refsource_DEBIAN
	https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/47836	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:40.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1135-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1135-1"
          },
          {
            "name": "[exim-announce] 20110512 Exim 4.76 Release: updated impact assessment",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html"
          },
          {
            "name": "DSA-2236",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2236"
          },
          {
            "name": "[exim-announce] 20110509 Exim 4.76 Release",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html"
          },
          {
            "name": "47836",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47836"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-09-07T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-1135-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1135-1"
        },
        {
          "name": "[exim-announce] 20110512 Exim 4.76 Release: updated impact assessment",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html"
        },
        {
          "name": "DSA-2236",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2236"
        },
        {
          "name": "[exim-announce] 20110509 Exim 4.76 Release",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html"
        },
        {
          "name": "47836",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47836"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1407",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-1135-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1135-1"
            },
            {
              "name": "[exim-announce] 20110512 Exim 4.76 Release: updated impact assessment",
              "refsource": "MLIST",
              "url": "https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html"
            },
            {
              "name": "DSA-2236",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2236"
            },
            {
              "name": "[exim-announce] 20110509 Exim 4.76 Release",
              "refsource": "MLIST",
              "url": "https://lists.exim.org/lurker/message/20110509.091632.daed0206.en.html"
            },
            {
              "name": "47836",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47836"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1407",
    "datePublished": "2011-05-16T18:00:00",
    "dateReserved": "2011-03-10T00:00:00",
    "dateUpdated": "2024-08-06T22:28:40.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2024:10017-1

Vulnerability from csaf_opensuse

CVE-2010-2024 (GCVE-0-2010-2024)

Vulnerability from cvelistv5

CVE-2012-5671 (GCVE-0-2012-5671)

Vulnerability from cvelistv5

CVE-2016-1531 (GCVE-0-2016-1531)

Vulnerability from cvelistv5

CVE-2014-2957 (GCVE-0-2014-2957)

Vulnerability from cvelistv5

CVE-2011-0017 (GCVE-0-2011-0017)

Vulnerability from cvelistv5

CVE-2014-2972 (GCVE-0-2014-2972)

Vulnerability from cvelistv5

CVE-2011-1764 (GCVE-0-2011-1764)

Vulnerability from cvelistv5

CVE-2010-4344 (GCVE-0-2010-4344)

Vulnerability from cvelistv5

CVE-2010-2023 (GCVE-0-2010-2023)

Vulnerability from cvelistv5

CVE-2010-4345 (GCVE-0-2010-4345)

Vulnerability from cvelistv5

CVE-2011-1407 (GCVE-0-2011-1407)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature