======================================================================== CVE-2020-LFDIR -- Link attack in Exim's log directory > CWE-250: Execution with Unnecessary Privileges > Local Use CVE-2020-28007 ======================================================================== CVE-2020-SPDIR -- Assorted attacks in Exim's spool directory > CWE-250: Execution with Unnecessary Privileges > Local Use CVE-2020-28008 ======================================================================== CVE-2020-PIDFP -- Arbitrary PID file creation > CWE-250: Execution with Unnecessary Privileges > Local Use CVE-2020-28014 ======================================================================== CVE-2020-SPRSS -- Heap buffer overflow in queue_run() > CWE-122: Heap-based Buffer Overflow > Local Use CVE-2020-28011 ======================================================================== CVE-2020-SLCWD -- Heap out-of-bounds write in main() > CWE-787: Out-of-bounds Write > Local Use CVE-2020-28010 ======================================================================== CVE-2020-PFPSN -- Heap buffer overflow in parse_fix_phrase() > CWE-122: Heap-based Buffer Overflow > Local Use CVE-2020-28013 ======================================================================== CVE-2020-PFPZA -- Heap out-of-bounds write in parse_fix_phrase() > CWE-787: Out-of-bounds Write > Local Use CVE-2020-28016 ======================================================================== CVE-2020-NLEND -- New-line injection into spool header file (local) > CWE-144: Improper Neutralization of Line Delimiters > Local Use CVE-2020-28015 ======================================================================== CVE-2020-CLOSE -- Missing close-on-exec flag for privileged pipe > CWE-403: Exposure of File Descriptor to Unintended Control Sphere > Local Use CVE-2020-28012 ======================================================================== CVE-2020-STDIN -- Integer overflow in get_stdinput() > CWE-680: Integer Overflow to Buffer Overflow > Local Use CVE-2020-28009 ======================================================================== CVE-2020-RCPTL -- Integer overflow in receive_add_recipient() > CWE-680: Integer Overflow to Buffer Overflow > Remote Use CVE-2020-28017 ======================================================================== CVE-2020-HSIZE -- Integer overflow in receive_msg() > CWE-680: Integer Overflow to Buffer Overflow > Remote Use CVE-2020-28020 ======================================================================== CVE-2020-SCHAD -- Out-of-bounds read in smtp_setup_msg() > CWE-125: Out-of-bounds Read > Remote Use CVE-2020-28023 ======================================================================== CVE-2020-MAUTH -- New-line injection into spool header file (remote) > CWE-144: Improper Neutralization of Line Delimiters > Remote Use CVE-2020-28021 ======================================================================== CVE-2020-EXOPT -- Heap out-of-bounds read and write in extract_option() > CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer > Remote Use CVE-2020-28022 ======================================================================== CVE-2020-FGETS -- Line truncation and injection in spool_read_header() > CWE-144: Improper Neutralization of Line Delimiters > Remote Use CVE-2020-28026 ======================================================================== CVE-2020-BDATA -- Failure to reset function pointer after BDAT error > CWE-665: Improper Initialization > Remote Use CVE-2020-28019 ======================================================================== CVE-2020-UNGET -- Heap buffer underflow in smtp_ungetc() > CWE-124: Buffer Underwrite > Remote Use CVE-2020-28024 ======================================================================== CVE-2020-OCORK -- Use-after-free in tls-openssl.c > CWE-416: Use After Free > Remote Use CVE-2020-28018 ======================================================================== CVE-2020-BHASH -- Heap out-of-bounds read in pdkim_finish_bodyhash() > CWE-125: Out-of-bounds Read > Remote Use CVE-2020-28025 ========================================================================