Vulnerability-Lookup

CVE-2016-9963 (GCVE-0-2016-9963)

Vulnerability from cvelistv5 – Published: 2017-02-01 15:00 – Updated: 2024-08-06 03:07

Summary

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

6 references

URL	Tags
http://www.debian.org/security/2016/dsa-3747	vendor-advisoryx_refsource_DEBIAN
http://www.exim.org/static/doc/CVE-2016-9963.txt	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3164-1	vendor-advisoryx_refsource_UBUNTU
https://bugs.exim.org/show_bug.cgi?id=1996	x_refsource_CONFIRM
http://www.securitytracker.com/id/1037484	vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/94947	vdb-entryx_refsource_BID

Date Public

2016-12-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:31.347Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3747",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3747"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.exim.org/static/doc/CVE-2016-9963.txt"
          },
          {
            "name": "USN-3164-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3164-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.exim.org/show_bug.cgi?id=1996"
          },
          {
            "name": "1037484",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037484"
          },
          {
            "name": "94947",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94947"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-01T14:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3747",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3747"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.exim.org/static/doc/CVE-2016-9963.txt"
        },
        {
          "name": "USN-3164-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3164-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.exim.org/show_bug.cgi?id=1996"
        },
        {
          "name": "1037484",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037484"
        },
        {
          "name": "94947",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94947"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9963",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3747",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3747"
            },
            {
              "name": "http://www.exim.org/static/doc/CVE-2016-9963.txt",
              "refsource": "CONFIRM",
              "url": "http://www.exim.org/static/doc/CVE-2016-9963.txt"
            },
            {
              "name": "USN-3164-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3164-1"
            },
            {
              "name": "https://bugs.exim.org/show_bug.cgi?id=1996",
              "refsource": "CONFIRM",
              "url": "https://bugs.exim.org/show_bug.cgi?id=1996"
            },
            {
              "name": "1037484",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037484"
            },
            {
              "name": "94947",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94947"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9963",
    "datePublished": "2017-02-01T15:00:00.000Z",
    "dateReserved": "2016-12-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:07:31.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-9963",
      "date": "2026-05-27",
      "epss": "0.01884",
      "percentile": "0.83425"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.87\", \"matchCriteriaId\": \"56A0CF3A-F573-436F-A6AB-707B3AC66F85\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AFB20FA-CB00-4729-AB3A-816454C6D096\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.\"}, {\"lang\": \"es\", \"value\": \"Exim en versiones anteriores a 4.87.1 podr\\u00edan permitir a atacantes remotos obtener la clave de firma DKIM privada a trav\\u00e9s de vectores relacionados con archivos de registro y mensajes de devoluci\\u00f3n.\"}]",
      "id": "CVE-2016-9963",
      "lastModified": "2024-11-21T03:02:05.483",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-02-01T15:59:00.270",
      "references": "[{\"url\": \"http://www.debian.org/security/2016/dsa-3747\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.exim.org/static/doc/CVE-2016-9963.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94947\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037484\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-3164-1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.exim.org/show_bug.cgi?id=1996\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3747\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.exim.org/static/doc/CVE-2016-9963.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94947\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037484\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-3164-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.exim.org/show_bug.cgi?id=1996\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-320\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-9963\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-02-01T15:59:00.270\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.\"},{\"lang\":\"es\",\"value\":\"Exim en versiones anteriores a 4.87.1 podr\u00edan permitir a atacantes remotos obtener la clave de firma DKIM privada a trav\u00e9s de vectores relacionados con archivos de registro y mensajes de devoluci\u00f3n.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-320\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.87\",\"matchCriteriaId\":\"56A0CF3A-F573-436F-A6AB-707B3AC66F85\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AFB20FA-CB00-4729-AB3A-816454C6D096\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2016/dsa-3747\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.exim.org/static/doc/CVE-2016-9963.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94947\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037484\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3164-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.exim.org/show_bug.cgi?id=1996\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3747\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.exim.org/static/doc/CVE-2016-9963.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037484\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3164-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.exim.org/show_bug.cgi?id=1996\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2016-12888

Vulnerability from cnvd - Published: 2016-12-23

Title

Exim信息泄露漏洞

Description

Exim是英国剑桥大学开发的一个运行于Unix系统中的开源消息传送代理（MTA），它主要负责邮件的路由、转发和投递。 Exim存在信息泄露漏洞。攻击者可以利用此问题获取潜在的敏感信息。

Severity

中

Patch Name

Exim信息泄露漏洞的补丁

Patch Description

Exim是英国剑桥大学开发的一个运行于Unix系统中的开源消息传送代理（MTA），它主要负责邮件的路由、转发和投递。 Exim存在信息泄露漏洞。攻击者可以利用此问题获取潜在的敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： http://seclists.org/oss-sec/2016/q4/693

Reference

http://www.securityfocus.com/bid/94947

Impacted products

Name
Exim Exim >=4.69，<=4.87

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94947"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9963"
    }
  },
  "description": "Exim\u662f\u82f1\u56fd\u5251\u6865\u5927\u5b66\u5f00\u53d1\u7684\u4e00\u4e2a\u8fd0\u884c\u4e8eUnix\u7cfb\u7edf\u4e2d\u7684\u5f00\u6e90\u6d88\u606f\u4f20\u9001\u4ee3\u7406\uff08MTA\uff09\uff0c\u5b83\u4e3b\u8981\u8d1f\u8d23\u90ae\u4ef6\u7684\u8def\u7531\u3001\u8f6c\u53d1\u548c\u6295\u9012\u3002\r\n\r\nExim\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002 \u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u95ee\u9898\u83b7\u53d6\u6f5c\u5728\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Jeremy Harris.",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://seclists.org/oss-sec/2016/q4/693",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-12888",
  "openTime": "2016-12-23",
  "patchDescription": "Exim\u662f\u82f1\u56fd\u5251\u6865\u5927\u5b66\u5f00\u53d1\u7684\u4e00\u4e2a\u8fd0\u884c\u4e8eUnix\u7cfb\u7edf\u4e2d\u7684\u5f00\u6e90\u6d88\u606f\u4f20\u9001\u4ee3\u7406\uff08MTA\uff09\uff0c\u5b83\u4e3b\u8981\u8d1f\u8d23\u90ae\u4ef6\u7684\u8def\u7531\u3001\u8f6c\u53d1\u548c\u6295\u9012\u3002\r\n\r\nExim\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002 \u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u95ee\u9898\u83b7\u53d6\u6f5c\u5728\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Exim\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Exim Exim \u003e=4.69\uff0c\u003c=4.87"
  },
  "referenceLink": "http://www.securityfocus.com/bid/94947",
  "serverity": "\u4e2d",
  "submitTime": "2016-12-19",
  "title": "Exim\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2016-9963

Vulnerability from fkie_nvd - Published: 2017-02-01 15:59 - Updated: 2026-05-13 00:24

Severity

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

References

URL	Tags
cve@mitre.org	http://www.debian.org/security/2016/dsa-3747	Third Party Advisory
cve@mitre.org	http://www.exim.org/static/doc/CVE-2016-9963.txt	Mitigation, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/94947	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1037484	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.ubuntu.com/usn/USN-3164-1	Third Party Advisory
cve@mitre.org	https://bugs.exim.org/show_bug.cgi?id=1996	Issue Tracking, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2016/dsa-3747	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.exim.org/static/doc/CVE-2016-9963.txt	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94947	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037484	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-3164-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugs.exim.org/show_bug.cgi?id=1996	Issue Tracking, Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
exim	exim	*
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	16.10
debian	debian_linux	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "56A0CF3A-F573-436F-A6AB-707B3AC66F85",
              "versionEndIncluding": "4.87",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages."
    },
    {
      "lang": "es",
      "value": "Exim en versiones anteriores a 4.87.1 podr\u00edan permitir a atacantes remotos obtener la clave de firma DKIM privada a trav\u00e9s de vectores relacionados con archivos de registro y mensajes de devoluci\u00f3n."
    }
  ],
  "id": "CVE-2016-9963",
  "lastModified": "2026-05-13T00:24:29.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-01T15:59:00.270",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3747"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www.exim.org/static/doc/CVE-2016-9963.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94947"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037484"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3164-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://bugs.exim.org/show_bug.cgi?id=1996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://www.exim.org/static/doc/CVE-2016-9963.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-3164-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://bugs.exim.org/show_bug.cgi?id=1996"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-320"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-QF64-F8R5-29M4

Vulnerability from github – Published: 2022-05-17 02:59 – Updated: 2022-05-17 02:59

Details

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

Severity

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9963"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-01T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.",
  "id": "GHSA-qf64-f8r5-29m4",
  "modified": "2022-05-17T02:59:57Z",
  "published": "2022-05-17T02:59:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9963"
    },
    {
      "type": "WEB",
      "url": "https://bugs.exim.org/show_bug.cgi?id=1996"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3747"
    },
    {
      "type": "WEB",
      "url": "http://www.exim.org/static/doc/CVE-2016-9963.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94947"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037484"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-3164-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-9963

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.

Aliases

CVE-2016-9963

Aliases

CVE-2016-9963

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9963",
    "description": "Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.",
    "id": "GSD-2016-9963",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-9963.html",
      "https://www.debian.org/security/2016/dsa-3747",
      "https://ubuntu.com/security/CVE-2016-9963",
      "https://security.archlinux.org/CVE-2016-9963",
      "https://alas.aws.amazon.com/cve/html/CVE-2016-9963.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9963"
      ],
      "details": "Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.",
      "id": "GSD-2016-9963",
      "modified": "2023-12-13T01:21:21.399944Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-9963",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-3747",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2016/dsa-3747"
          },
          {
            "name": "http://www.exim.org/static/doc/CVE-2016-9963.txt",
            "refsource": "CONFIRM",
            "url": "http://www.exim.org/static/doc/CVE-2016-9963.txt"
          },
          {
            "name": "USN-3164-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-3164-1"
          },
          {
            "name": "https://bugs.exim.org/show_bug.cgi?id=1996",
            "refsource": "CONFIRM",
            "url": "https://bugs.exim.org/show_bug.cgi?id=1996"
          },
          {
            "name": "1037484",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037484"
          },
          {
            "name": "94947",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94947"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.87",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9963"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-320"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.exim.org/show_bug.cgi?id=1996",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://bugs.exim.org/show_bug.cgi?id=1996"
            },
            {
              "name": "USN-3164-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3164-1"
            },
            {
              "name": "1037484",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1037484"
            },
            {
              "name": "94947",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94947"
            },
            {
              "name": "http://www.exim.org/static/doc/CVE-2016-9963.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "http://www.exim.org/static/doc/CVE-2016-9963.txt"
            },
            {
              "name": "DSA-3747",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3747"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-02-15T12:47Z",
      "publishedDate": "2017-02-01T15:59Z"
    }
  }
}

OPENSUSE-SU-2024:10746-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

exim-4.94.2-4.2 on GA media

Severity

Moderate

Notes

Title of the patch: exim-4.94.2-4.2 on GA media

Description of the patch: These are all security issues fixed in the exim-4.94.2-4.2 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-10746

CVE-2016-9963

5.9 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-1000369

4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2017-16943

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2017-16944

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-6789

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2019-10149

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2019-13917

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2019-15846

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2019-16928

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-12783

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-28007

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28008

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28009

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28010

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28011

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28012

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28013

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28014

6.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28015

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28016

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28017

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28018

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28019

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28020

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28021

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28022

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28023

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28024

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28025

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-28026

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2020-8015

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64	—	Vendor Fix

Threats

Impact important

References

98 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2016-9963/	self
https://www.suse.com/security/cve/CVE-2017-1000369/	self
https://www.suse.com/security/cve/CVE-2017-16943/	self
https://www.suse.com/security/cve/CVE-2017-16944/	self
https://www.suse.com/security/cve/CVE-2018-6789/	self
https://www.suse.com/security/cve/CVE-2019-10149/	self
https://www.suse.com/security/cve/CVE-2019-13917/	self
https://www.suse.com/security/cve/CVE-2019-15846/	self
https://www.suse.com/security/cve/CVE-2019-16928/	self
https://www.suse.com/security/cve/CVE-2020-12783/	self
https://www.suse.com/security/cve/CVE-2020-28007/	self
https://www.suse.com/security/cve/CVE-2020-28008/	self
https://www.suse.com/security/cve/CVE-2020-28009/	self
https://www.suse.com/security/cve/CVE-2020-28010/	self
https://www.suse.com/security/cve/CVE-2020-28011/	self
https://www.suse.com/security/cve/CVE-2020-28012/	self
https://www.suse.com/security/cve/CVE-2020-28013/	self
https://www.suse.com/security/cve/CVE-2020-28014/	self
https://www.suse.com/security/cve/CVE-2020-28015/	self
https://www.suse.com/security/cve/CVE-2020-28016/	self
https://www.suse.com/security/cve/CVE-2020-28017/	self
https://www.suse.com/security/cve/CVE-2020-28018/	self
https://www.suse.com/security/cve/CVE-2020-28019/	self
https://www.suse.com/security/cve/CVE-2020-28020/	self
https://www.suse.com/security/cve/CVE-2020-28021/	self
https://www.suse.com/security/cve/CVE-2020-28022/	self
https://www.suse.com/security/cve/CVE-2020-28023/	self
https://www.suse.com/security/cve/CVE-2020-28024/	self
https://www.suse.com/security/cve/CVE-2020-28025/	self
https://www.suse.com/security/cve/CVE-2020-28026/	self
https://www.suse.com/security/cve/CVE-2020-8015/	self
https://www.suse.com/security/cve/CVE-2016-9963	external
https://bugzilla.suse.com/1015930	external
https://bugzilla.suse.com/1053919	external
https://www.suse.com/security/cve/CVE-2017-1000369	external
https://bugzilla.suse.com/1037551	external
https://bugzilla.suse.com/1044692	external
https://www.suse.com/security/cve/CVE-2017-16943	external
https://bugzilla.suse.com/1069857	external
https://www.suse.com/security/cve/CVE-2017-16944	external
https://bugzilla.suse.com/1069859	external
https://www.suse.com/security/cve/CVE-2018-6789	external
https://bugzilla.suse.com/1079832	external
https://www.suse.com/security/cve/CVE-2019-10149	external
https://bugzilla.suse.com/1136587	external
https://www.suse.com/security/cve/CVE-2019-13917	external
https://bugzilla.suse.com/1142207	external
https://www.suse.com/security/cve/CVE-2019-15846	external
https://bugzilla.suse.com/1149182	external
https://www.suse.com/security/cve/CVE-2019-16928	external
https://bugzilla.suse.com/1152507	external
https://www.suse.com/security/cve/CVE-2020-12783	external
https://bugzilla.suse.com/1171490	external
https://www.suse.com/security/cve/CVE-2020-28007	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28008	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28009	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28010	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28011	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28012	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28013	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28014	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28015	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28016	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28017	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28018	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28019	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28020	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28021	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28022	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28023	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28024	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28025	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-28026	external
https://bugzilla.suse.com/1185631	external
https://www.suse.com/security/cve/CVE-2020-8015	external
https://bugzilla.suse.com/1154062	external
https://bugzilla.suse.com/1154183	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "exim-4.94.2-4.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the exim-4.94.2-4.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10746",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10746-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-9963 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-9963/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000369 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000369/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16943 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16943/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-16944 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-16944/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-6789 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-6789/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-10149 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-10149/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-13917 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-13917/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-15846 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-15846/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-16928 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-16928/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-12783 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-12783/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28007 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28007/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28008 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28008/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28009 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28009/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28010 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28010/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28011 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28011/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28012 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28012/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28013 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28013/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28014 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28014/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28015 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28015/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28016 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28016/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28017 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28017/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28018 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28018/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28019 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28019/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28020 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28020/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28021 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28021/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28022 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28022/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28023 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28023/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28024 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28024/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28025 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28025/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-28026 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-28026/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8015 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8015/"
      }
    ],
    "title": "exim-4.94.2-4.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10746-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "exim-4.94.2-4.2.aarch64",
                "product": {
                  "name": "exim-4.94.2-4.2.aarch64",
                  "product_id": "exim-4.94.2-4.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "eximon-4.94.2-4.2.aarch64",
                "product": {
                  "name": "eximon-4.94.2-4.2.aarch64",
                  "product_id": "eximon-4.94.2-4.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "eximstats-html-4.94.2-4.2.aarch64",
                "product": {
                  "name": "eximstats-html-4.94.2-4.2.aarch64",
                  "product_id": "eximstats-html-4.94.2-4.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "exim-4.94.2-4.2.ppc64le",
                "product": {
                  "name": "exim-4.94.2-4.2.ppc64le",
                  "product_id": "exim-4.94.2-4.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "eximon-4.94.2-4.2.ppc64le",
                "product": {
                  "name": "eximon-4.94.2-4.2.ppc64le",
                  "product_id": "eximon-4.94.2-4.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "eximstats-html-4.94.2-4.2.ppc64le",
                "product": {
                  "name": "eximstats-html-4.94.2-4.2.ppc64le",
                  "product_id": "eximstats-html-4.94.2-4.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "exim-4.94.2-4.2.s390x",
                "product": {
                  "name": "exim-4.94.2-4.2.s390x",
                  "product_id": "exim-4.94.2-4.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "eximon-4.94.2-4.2.s390x",
                "product": {
                  "name": "eximon-4.94.2-4.2.s390x",
                  "product_id": "eximon-4.94.2-4.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "eximstats-html-4.94.2-4.2.s390x",
                "product": {
                  "name": "eximstats-html-4.94.2-4.2.s390x",
                  "product_id": "eximstats-html-4.94.2-4.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "exim-4.94.2-4.2.x86_64",
                "product": {
                  "name": "exim-4.94.2-4.2.x86_64",
                  "product_id": "exim-4.94.2-4.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "eximon-4.94.2-4.2.x86_64",
                "product": {
                  "name": "eximon-4.94.2-4.2.x86_64",
                  "product_id": "eximon-4.94.2-4.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "eximstats-html-4.94.2-4.2.x86_64",
                "product": {
                  "name": "eximstats-html-4.94.2-4.2.x86_64",
                  "product_id": "eximstats-html-4.94.2-4.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "exim-4.94.2-4.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64"
        },
        "product_reference": "exim-4.94.2-4.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "exim-4.94.2-4.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le"
        },
        "product_reference": "exim-4.94.2-4.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "exim-4.94.2-4.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x"
        },
        "product_reference": "exim-4.94.2-4.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "exim-4.94.2-4.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64"
        },
        "product_reference": "exim-4.94.2-4.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximon-4.94.2-4.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64"
        },
        "product_reference": "eximon-4.94.2-4.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximon-4.94.2-4.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le"
        },
        "product_reference": "eximon-4.94.2-4.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximon-4.94.2-4.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x"
        },
        "product_reference": "eximon-4.94.2-4.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximon-4.94.2-4.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64"
        },
        "product_reference": "eximon-4.94.2-4.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximstats-html-4.94.2-4.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64"
        },
        "product_reference": "eximstats-html-4.94.2-4.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximstats-html-4.94.2-4.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le"
        },
        "product_reference": "eximstats-html-4.94.2-4.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximstats-html-4.94.2-4.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x"
        },
        "product_reference": "eximstats-html-4.94.2-4.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "eximstats-html-4.94.2-4.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        },
        "product_reference": "eximstats-html-4.94.2-4.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-9963",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-9963"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-9963",
          "url": "https://www.suse.com/security/cve/CVE-2016-9963"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1015930 for CVE-2016-9963",
          "url": "https://bugzilla.suse.com/1015930"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053919 for CVE-2016-9963",
          "url": "https://bugzilla.suse.com/1053919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-9963"
    },
    {
      "cve": "CVE-2017-1000369",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000369"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim supports the use of multiple \"-p\" command line arguments which are malloc()\u0027ed and never free()\u0027ed, used in conjunction with other issues allows attackers to cause arbitrary code execution. This affects exim version 4.89 and earlier. Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000369",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000369"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1037551 for CVE-2017-1000369",
          "url": "https://bugzilla.suse.com/1037551"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1044692 for CVE-2017-1000369",
          "url": "https://bugzilla.suse.com/1044692"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-1000369"
    },
    {
      "cve": "CVE-2017-16943",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16943"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16943",
          "url": "https://www.suse.com/security/cve/CVE-2017-16943"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1069857 for CVE-2017-16943",
          "url": "https://bugzilla.suse.com/1069857"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2017-16943"
    },
    {
      "cve": "CVE-2017-16944",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-16944"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a \u0027.\u0027 character signifying the end of the content, related to the bdat_getc function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-16944",
          "url": "https://www.suse.com/security/cve/CVE-2017-16944"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1069859 for CVE-2017-16944",
          "url": "https://bugzilla.suse.com/1069859"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-16944"
    },
    {
      "cve": "CVE-2018-6789",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-6789"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sending a handcrafted message, a buffer overflow may happen. This can be used to execute code remotely.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-6789",
          "url": "https://www.suse.com/security/cve/CVE-2018-6789"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1079832 for CVE-2018-6789",
          "url": "https://bugzilla.suse.com/1079832"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-6789"
    },
    {
      "cve": "CVE-2019-10149",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-10149"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-10149",
          "url": "https://www.suse.com/security/cve/CVE-2019-10149"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136587 for CVE-2019-10149",
          "url": "https://bugzilla.suse.com/1136587"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2019-10149"
    },
    {
      "cve": "CVE-2019-13917",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-13917"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-13917",
          "url": "https://www.suse.com/security/cve/CVE-2019-13917"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1142207 for CVE-2019-13917",
          "url": "https://bugzilla.suse.com/1142207"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2019-13917"
    },
    {
      "cve": "CVE-2019-15846",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-15846"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-15846",
          "url": "https://www.suse.com/security/cve/CVE-2019-15846"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149182 for CVE-2019-15846",
          "url": "https://bugzilla.suse.com/1149182"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2019-15846"
    },
    {
      "cve": "CVE-2019-16928",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-16928"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-16928",
          "url": "https://www.suse.com/security/cve/CVE-2019-16928"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1152507 for CVE-2019-16928",
          "url": "https://bugzilla.suse.com/1152507"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2019-16928"
    },
    {
      "cve": "CVE-2020-12783",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-12783"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-12783",
          "url": "https://www.suse.com/security/cve/CVE-2020-12783"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171490 for CVE-2020-12783",
          "url": "https://bugzilla.suse.com/1171490"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-12783"
    },
    {
      "cve": "CVE-2020-28007",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28007"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28007",
          "url": "https://www.suse.com/security/cve/CVE-2020-28007"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28007",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28007"
    },
    {
      "cve": "CVE-2020-28008",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28008"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28008",
          "url": "https://www.suse.com/security/cve/CVE-2020-28008"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28008",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28008"
    },
    {
      "cve": "CVE-2020-28009",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28009"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28009",
          "url": "https://www.suse.com/security/cve/CVE-2020-28009"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28009",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28009"
    },
    {
      "cve": "CVE-2020-28010",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28010"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28010",
          "url": "https://www.suse.com/security/cve/CVE-2020-28010"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28010",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28010"
    },
    {
      "cve": "CVE-2020-28011",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28011"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28011",
          "url": "https://www.suse.com/security/cve/CVE-2020-28011"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28011",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28011"
    },
    {
      "cve": "CVE-2020-28012",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28012"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28012",
          "url": "https://www.suse.com/security/cve/CVE-2020-28012"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28012",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28012"
    },
    {
      "cve": "CVE-2020-28013",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28013"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles \"-F \u0027.(\u0027\" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28013",
          "url": "https://www.suse.com/security/cve/CVE-2020-28013"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28013",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28013"
    },
    {
      "cve": "CVE-2020-28014",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28014"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28014",
          "url": "https://www.suse.com/security/cve/CVE-2020-28014"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28014",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28014"
    },
    {
      "cve": "CVE-2020-28015",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28015"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28015",
          "url": "https://www.suse.com/security/cve/CVE-2020-28015"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28015",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28015"
    },
    {
      "cve": "CVE-2020-28016",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28016"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because \"-F \u0027\u0027\" is mishandled by parse_fix_phrase.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28016",
          "url": "https://www.suse.com/security/cve/CVE-2020-28016"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28016",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28016"
    },
    {
      "cve": "CVE-2020-28017",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28017"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28017",
          "url": "https://www.suse.com/security/cve/CVE-2020-28017"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28017",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28017"
    },
    {
      "cve": "CVE-2020-28018",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28018"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28018",
          "url": "https://www.suse.com/security/cve/CVE-2020-28018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28018",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28018"
    },
    {
      "cve": "CVE-2020-28019",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28019"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28019",
          "url": "https://www.suse.com/security/cve/CVE-2020-28019"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28019",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28019"
    },
    {
      "cve": "CVE-2020-28020",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28020"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28020",
          "url": "https://www.suse.com/security/cve/CVE-2020-28020"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28020",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28020"
    },
    {
      "cve": "CVE-2020-28021",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28021"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28021",
          "url": "https://www.suse.com/security/cve/CVE-2020-28021"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28021",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28021"
    },
    {
      "cve": "CVE-2020-28022",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28022"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28022",
          "url": "https://www.suse.com/security/cve/CVE-2020-28022"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28022",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28022"
    },
    {
      "cve": "CVE-2020-28023",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28023"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28023",
          "url": "https://www.suse.com/security/cve/CVE-2020-28023"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28023",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28023"
    },
    {
      "cve": "CVE-2020-28024",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28024"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28024",
          "url": "https://www.suse.com/security/cve/CVE-2020-28024"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28024",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28024"
    },
    {
      "cve": "CVE-2020-28025",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28025"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig-\u003ebodyhash.len and b-\u003ebh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28025",
          "url": "https://www.suse.com/security/cve/CVE-2020-28025"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28025",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28025"
    },
    {
      "cve": "CVE-2020-28026",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-28026"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-28026",
          "url": "https://www.suse.com/security/cve/CVE-2020-28026"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1185631 for CVE-2020-28026",
          "url": "https://bugzilla.suse.com/1185631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-28026"
    },
    {
      "cve": "CVE-2020-8015",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8015"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
          "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8015",
          "url": "https://www.suse.com/security/cve/CVE-2020-8015"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1154062 for CVE-2020-8015",
          "url": "https://bugzilla.suse.com/1154062"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1154183 for CVE-2020-8015",
          "url": "https://bugzilla.suse.com/1154183"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:exim-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:exim-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximon-4.94.2-4.2.x86_64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.aarch64",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.ppc64le",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.s390x",
            "openSUSE Tumbleweed:eximstats-html-4.94.2-4.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-8015"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-9963 (GCVE-0-2016-9963)

CNVD-2016-12888

FKIE_CVE-2016-9963

GHSA-QF64-F8R5-29M4

GSD-2016-9963

OPENSUSE-SU-2024:10746-1

Tags

Sightings

Nomenclature