Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP1 package libspf2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2020-28024 — CVSS 9.8 (critical): Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because…
CVE-2019-13917 — CVSS 9.8 (critical): Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort }…
CVE-2020-28026 — CVSS 9.8 (critical): Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status…
CVE-2020-28017 — CVSS 9.8 (critical): Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million…
CVE-2020-28018 — CVSS 9.8 (critical): Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
CVE-2020-28022 — CVSS 9.8 (critical): Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing…
CVE-2020-28020 — CVSS 9.8 (critical): Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by…
CVE-2017-16943 — CVSS 9.8 (critical): The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a…
CVE-2021-20314 — CVSS 9.8 (critical): Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially…
CVE-2020-28021 — CVSS 8.8 (high): Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into…
CVE-2020-8015 — CVSS 8.4 (high): A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from…
CVE-2020-28013 — CVSS 7.8 (high): Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege…
CVE-2020-28007 — CVSS 7.8 (high): Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root…
CVE-2020-28008 — CVSS 7.8 (high): Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a…
CVE-2020-28009 — CVSS 7.8 (high): Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by…
CVE-2020-28010 — CVSS 7.8 (high): Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname…
CVE-2020-28011 — CVSS 7.8 (high): Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation…
CVE-2020-28012 — CVSS 7.8 (high): Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that…
CVE-2020-28015 — CVSS 7.8 (high): Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a…
CVE-2020-28016 — CVSS 7.8 (high): Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.
CVE-2020-28025 — CVSS 7.5 (high): Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len…
CVE-2020-28023 — CVSS 7.5 (high): Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated…
CVE-2020-12783 — CVSS 7.5 (high): Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and…
CVE-2017-16944 — CVSS 7.5 (high): The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service…
CVE-2020-28019 — CVSS 7.5 (high): Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs…
CVE-2020-28014 — CVSS 6.1 (medium): Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of…
CVE-2017-1000369 — CVSS 4.0 (medium): Exim supports the use of multiple "-p" command line arguments which are malloc()'ed and never free()'ed, used in conjunction with other…