Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-19920

Опубликовано: 22 дек. 2019
Источник: nvd
CVSS3: 8.8
CVSS2: 9
EPSS Низкий

Описание

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:sa-exim_project:sa-exim:4.2.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 90%
0.05359
Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

ubuntu логотип

CVE-2019-19920

CVSS3: 8.8
ubuntu
почти 6 лет назад

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.

debian логотип

CVE-2019-19920

CVSS3: 8.8
debian
почти 6 лет назад

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can w ...

github логотип

GHSA-28xw-m7jp-89ch

CVSS3: 8.8
github
больше 3 лет назад

sa-exim 4.2.1 allows attackers to execute arbitrary code if they can write a .cf file or a rule. This occurs because Greylisting.pm relies on eval (rather than direct parsing and/or use of the taint feature). This issue is similar to CVE-2018-11805.

EPSS

Процентиль: 90%
0.05359
Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78