cvelistv5 - cve-2019-10149

CVE-2019-10149 (GCVE-0-2019-10149)

Vulnerability from cvelistv5

Published

2019-06-05 00:00

Modified

2025-10-21 23:45

Severity ?

9.0 (Critical) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-78

Summary

A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2019/06/05/2	mailing-list
	https://usn.ubuntu.com/4010-1/	vendor-advisory
	http://www.openwall.com/lists/oss-security/2019/06/05/3	mailing-list
	http://www.openwall.com/lists/oss-security/2019/06/05/4	mailing-list
	https://www.debian.org/security/2019/dsa-4456	vendor-advisory
	https://seclists.org/bugtraq/2019/Jun/5	mailing-list
	https://security.gentoo.org/glsa/201906-01	vendor-advisory
	http://www.openwall.com/lists/oss-security/2019/06/06/1	mailing-list
	http://www.securityfocus.com/bid/108679	vdb-entry
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html	vendor-advisory
	http://seclists.org/fulldisclosure/2019/Jun/16	mailing-list
	http://www.openwall.com/lists/oss-security/2019/07/25/6	mailing-list
	http://www.openwall.com/lists/oss-security/2019/07/25/7	mailing-list
	http://www.openwall.com/lists/oss-security/2019/07/26/4	mailing-list
	http://www.openwall.com/lists/oss-security/2021/05/04/7	mailing-list
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149
	https://www.exim.org/static/doc/security/CVE-2019-10149.txt
	http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html
	http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html
	http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html

Impacted products

	Vendor	Product	Version
	exim	exim	Version: 4.92

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-01-10

Due date: 2022-07-10

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-10149

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:09.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/05/2"
          },
          {
            "name": "USN-4010-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4010-1/"
          },
          {
            "name": "[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/05/3"
          },
          {
            "name": "[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/05/4"
          },
          {
            "name": "DSA-4456",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4456"
          },
          {
            "name": "20190605 [SECURITY] [DSA 4456-1] exim4 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/5"
          },
          {
            "name": "GLSA-201906-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201906-01"
          },
          {
            "name": "[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/06/1"
          },
          {
            "name": "108679",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108679"
          },
          {
            "name": "openSUSE-SU-2019:1524",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html"
          },
          {
            "name": "20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Jun/16"
          },
          {
            "name": "[oss-security] 20190725 Re: Statistics for distros lists updated for 2019Q2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/25/6"
          },
          {
            "name": "[oss-security] 20190725 Re: Statistics for distros lists updated for 2019Q2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/25/7"
          },
          {
            "name": "[oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/26/4"
          },
          {
            "name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.exim.org/static/doc/security/CVE-2019-10149.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-10149",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T13:31:13.268223Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-01-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-10149"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:35.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-10149"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-10T00:00:00.000Z",
            "value": "CVE-2019-10149 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "exim",
          "vendor": "exim",
          "versions": [
            {
              "status": "affected",
              "version": "4.92"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/05/2"
        },
        {
          "name": "USN-4010-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4010-1/"
        },
        {
          "name": "[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/05/3"
        },
        {
          "name": "[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/05/4"
        },
        {
          "name": "DSA-4456",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4456"
        },
        {
          "name": "20190605 [SECURITY] [DSA 4456-1] exim4 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/5"
        },
        {
          "name": "GLSA-201906-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201906-01"
        },
        {
          "name": "[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/06/1"
        },
        {
          "name": "108679",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/108679"
        },
        {
          "name": "openSUSE-SU-2019:1524",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00020.html"
        },
        {
          "name": "20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Jun/16"
        },
        {
          "name": "[oss-security] 20190725 Re: Statistics for distros lists updated for 2019Q2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/25/6"
        },
        {
          "name": "[oss-security] 20190725 Re: Statistics for distros lists updated for 2019Q2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/25/7"
        },
        {
          "name": "[oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/26/4"
        },
        {
          "name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10149"
        },
        {
          "url": "https://www.exim.org/static/doc/security/CVE-2019-10149.txt"
        },
        {
          "url": "http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10149",
    "datePublished": "2019-06-05T00:00:00.000Z",
    "dateReserved": "2019-03-27T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:35.245Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2019-10149",
      "cwes": "[\"CWE-78\"]",
      "dateAdded": "2022-01-10",
      "dueDate": "2022-07-10",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2019-10149",
      "product": "Mail Transfer Agent (MTA)",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.",
      "vendorProject": "Exim",
      "vulnerabilityName": "Exim Mail Transfer Agent (MTA) Improper Input Validation"
    }
  }
}

CERTFR-2019-ALE-009

Vulnerability from certfr_alerte

Le CERT-FR a connaissance de cas d'exploitation de la vulnérabilité CVE-2019-10149 qui affecte Exim et permet une exécution de commande arbitraire à distance.

Cette vulnérabilité est triviale à exploiter, d'autant plus que du code d'attaque est disponible publiquement sur internet.

Le CERT-FR recommande donc fortement l'application du correctif sorti le 05 juin 2019, et ce dans les plus brefs délais.

La commande suivante peut servir à détecter des tentatives d'exploitation en cherchant dans les journaux d'activités. Elle a été testée sur un système Debian avec une configuration par défaut.

[pastacode lang="bash" manual="grep%20'%24%7Brun'%20%2Fvar%2Flog%2Fexim4%2Fmainlog" message="" highlight="" provider="manual"/]

Exemples de sortie:

[pastacode lang="bash" manual="2019-06-11%2014%3A01%3A29%201hal5N-0001Hx-3T%20**%20%24%7Brun%3C%5BCOMMANDE%20EXECUTEE%5D%3E%7D%40localhost%3A%20Too%20many%20%22Received%22%20headers%20-%20suspected%20mail%20loop%0A2019-06-11%2014%3A02%3A14%201hal66-0001I7-MN%20**%20%24%7Brun%3C%5BCOMMANDE%20EXECUTEE%5D%3E%7D%40localhost%3A%20Too%20many%20%22Received%22%20headers%20-%20suspected%20mail%20loop%0A2019-06-11%2014%3A03%3A11%201hal70-0001IH-VN%20**%20%24%7Brun%3C%5BCOMMANDE%20EXECUTEE%5D%3E%7D%40localhost%3A%20Too%20many%20%22Received%22%20headers%20-%20suspected%20mail%20loop%0A2019-06-11%2014%3A07%3A44%201halBQ-0001Ij-2D%20**%20%24%7Brun%3C%5BCOMMANDE%20EXECUTEE%5D%3E%7D%40localhost%3A%20Too%20many%20%22Received%22%20headers%20-%20suspected%20mail%20loop" message="" highlight="" provider="manual"/]

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Exim	N/A	Exim versions antérieures à 4.92

References

Title

Publication Time

Tags

Bulletin de sécurité Exim CVE-2019-10149 du 05 juin 2019	None	vendor-advisory
Avis CERT-FR CERTFR-2019-AVI-252 du 06 juin 2019	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Exim versions ant\u00e9rieures \u00e0 4.92",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Exim",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2019-07-23",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-10149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10149"
    }
  ],
  "initial_release_date": "2019-06-11T00:00:00",
  "last_revision_date": "2019-07-23T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2019-AVI-252 du 06 juin 2019",
      "url": "https://cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-252/"
    }
  ],
  "reference": "CERTFR-2019-ALE-009",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-06-11T00:00:00.000000"
    },
    {
      "description": "Ajout de la commande de recherche dans les journaux.",
      "revision_date": "2019-06-12T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2019-07-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de commande arbitraire \u00e0 distance"
    }
  ],
  "summary": "Le CERT-FR a connaissance de cas d\u0027exploitation de la\nvuln\u00e9rabilit\u00e9\u00a0CVE-2019-10149 qui affecte Exim et permet une ex\u00e9cution de\ncommande arbitraire \u00e0 distance.\n\nCette vuln\u00e9rabilit\u00e9 est triviale \u00e0 exploiter, d\u0027autant plus que du code\nd\u0027attaque est disponible publiquement sur internet.\n\nLe CERT-FR recommande donc fortement l\u0027application du correctif sorti le\n05 juin 2019, et ce dans les plus brefs d\u00e9lais.\n\nLa commande suivante peut servir \u00e0 d\u00e9tecter des tentatives\nd\u0027exploitation en cherchant dans les journaux d\u0027activit\u00e9s. Elle a \u00e9t\u00e9\ntest\u00e9e sur un syst\u00e8me Debian avec une configuration par d\u00e9faut.\n\n\\[pastacode lang=\"bash\"\nmanual=\"grep%20\u0027%24%7Brun\u0027%20%2Fvar%2Flog%2Fexim4%2Fmainlog\" message=\"\"\nhighlight=\"\" provider=\"manual\"/\\]\n\nExemples de sortie:\n\n\\[pastacode lang=\"bash\"\nmanual=\"2019-06-11%2014%3A01%3A29%201hal5N-0001Hx-3T%20\\*\\*%20%24%7Brun%3C%5BCOMMANDE%20EXECUTEE%5D%3E%7D%40localhost%3A%20Too%20many%20%22Received%22%20headers%20-%20suspected%20mail%20loop%0A2019-06-11%2014%3A02%3A14%201hal66-0001I7-MN%20\\*\\*%20%24%7Brun%3C%5BCOMMANDE%20EXECUTEE%5D%3E%7D%40localhost%3A%20Too%20many%20%22Received%22%20headers%20-%20suspected%20mail%20loop%0A2019-06-11%2014%3A03%3A11%201hal70-0001IH-VN%20\\*\\*%20%24%7Brun%3C%5BCOMMANDE%20EXECUTEE%5D%3E%7D%40localhost%3A%20Too%20many%20%22Received%22%20headers%20-%20suspected%20mail%20loop%0A2019-06-11%2014%3A07%3A44%201halBQ-0001Ij-2D%20\\*\\*%20%24%7Brun%3C%5BCOMMANDE%20EXECUTEE%5D%3E%7D%40localhost%3A%20Too%20many%20%22Received%22%20headers%20-%20suspected%20mail%20loop\"\nmessage=\"\" highlight=\"\" provider=\"manual\"/\\]\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Exim",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Exim CVE-2019-10149 du 05 juin 2019",
      "url": "https://www.exim.org/static/doc/security/CVE-2019-10149.txt"
    }
  ]
}

CERTFR-2019-AVI-252

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Exim. Elle permet à un attaquant de provoquer une exécution de commande arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Exim	N/A	Exim versions 4.87 à 4.91

References

Title

Publication Time

Tags

Bulletin de sécurité Exim CVE-2019-10149 du 05 juin 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Exim versions 4.87 \u00e0 4.91",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Exim",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-10149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10149"
    }
  ],
  "initial_release_date": "2019-06-06T00:00:00",
  "last_revision_date": "2019-06-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-252",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-06-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de commande arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Exim. Elle permet \u00e0 un attaquant\nde provoquer une ex\u00e9cution de commande arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Exim",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Exim CVE-2019-10149 du 05 juin 2019",
      "url": "https://www.exim.org/static/doc/security/CVE-2019-10149.txt"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-10149 (GCVE-0-2019-10149)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2019-ALE-009

Vulnerability from certfr_alerte

Solution

CERTFR-2019-AVI-252

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature