X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/a2de87c485edb179c59783c693781c93819a1a5d..34fcdc20a1610c9c171db62fcd694613e4cd09c0:/templates/static/doc/security/CVE-2020-qualys/CVE-assigments.txt diff --git a/templates/static/doc/security/CVE-2020-qualys/CVE-assigments.txt b/templates/static/doc/security/CVE-2020-qualys/CVE-assigments.txt new file mode 100644 index 0000000..e6f3d70 --- /dev/null +++ b/templates/static/doc/security/CVE-2020-qualys/CVE-assigments.txt 
@@ -0,0 +1,142 @@ + +======================================================================== + +CVE-2020-LFDIR -- Link attack in Exim's log directory +> CWE-250: Execution with Unnecessary Privileges +> Local +Use CVE-2020-28007 + +======================================================================== + +CVE-2020-SPDIR -- Assorted attacks in Exim's spool directory +> CWE-250: Execution with Unnecessary Privileges +> Local +Use CVE-2020-28008 + +======================================================================== + +CVE-2020-PIDFP -- Arbitrary PID file creation +> CWE-250: Execution with Unnecessary Privileges +> Local +Use CVE-2020-28014 + +======================================================================== + +CVE-2020-SPRSS -- Heap buffer overflow in queue_run() +> CWE-122: Heap-based Buffer Overflow +> Local +Use CVE-2020-28011 + +======================================================================== + +CVE-2020-SLCWD -- Heap out-of-bounds write in main() +> CWE-787: Out-of-bounds Write +> Local +Use CVE-2020-28010 + +======================================================================== + +CVE-2020-PFPSN -- Heap buffer overflow in parse_fix_phrase() +> CWE-122: Heap-based Buffer Overflow +> Local +Use CVE-2020-28013 + +======================================================================== + +CVE-2020-PFPZA -- Heap out-of-bounds write in parse_fix_phrase() +> CWE-787: Out-of-bounds Write +> Local +Use CVE-2020-28016 + +======================================================================== + +CVE-2020-NLEND -- New-line injection into spool header file (local) +> CWE-144: Improper Neutralization of Line Delimiters +> Local +Use CVE-2020-28015 + +======================================================================== + +CVE-2020-CLOSE -- Missing close-on-exec flag for privileged pipe +> CWE-403: Exposure of File Descriptor to Unintended Control Sphere +> Local +Use CVE-2020-28012 + 
+======================================================================== + +CVE-2020-STDIN -- Integer overflow in get_stdinput() +> CWE-680: Integer Overflow to Buffer Overflow +> Local +Use CVE-2020-28009 + +======================================================================== + +CVE-2020-RCPTL -- Integer overflow in receive_add_recipient() +> CWE-680: Integer Overflow to Buffer Overflow +> Remote +Use CVE-2020-28017 + +======================================================================== + +CVE-2020-HSIZE -- Integer overflow in receive_msg() +> CWE-680: Integer Overflow to Buffer Overflow +> Remote +Use CVE-2020-28020 + +======================================================================== + +CVE-2020-SCHAD -- Out-of-bounds read in smtp_setup_msg() +> CWE-125: Out-of-bounds Read +> Remote +Use CVE-2020-28023 + +======================================================================== + +CVE-2020-MAUTH -- New-line injection into spool header file (remote) +> CWE-144: Improper Neutralization of Line Delimiters +> Remote +Use CVE-2020-28021 + +======================================================================== + +CVE-2020-EXOPT -- Heap out-of-bounds read and write in extract_option() +> CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer +> Remote +Use CVE-2020-28022 + +======================================================================== + +CVE-2020-FGETS -- Line truncation and injection in spool_read_header() +> CWE-144: Improper Neutralization of Line Delimiters +> Remote +Use CVE-2020-28026 + +======================================================================== + +CVE-2020-BDATA -- Failure to reset function pointer after BDAT error +> CWE-665: Improper Initialization +> Remote +Use CVE-2020-28019 + +======================================================================== + +CVE-2020-UNGET -- Heap buffer underflow in smtp_ungetc() +> CWE-124: Buffer Underwrite +> Remote +Use CVE-2020-28024 + 
+======================================================================== + +CVE-2020-OCORK -- Use-after-free in tls-openssl.c +> CWE-416: Use After Free +> Remote +Use CVE-2020-28018 + +======================================================================== + +CVE-2020-BHASH -- Heap out-of-bounds read in pdkim_finish_bodyhash() +> CWE-125: Out-of-bounds Read +> Remote +Use CVE-2020-28025 + +========================================================================
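Review bot: The new file's name in the diff header, `CVE-assigments.txt`, misspells "assignments". Because it is added under templates/static/doc/security/CVE-2020-qualys/, the misspelling becomes part of a published path, so rename it to `CVE-assignments.txt` before anything links to it. The file body also opens directly with a separator and the first entry, with no line explaining how the `CVE-2020-LFDIR`-style names relate to the `Use CVE-2020-28007` lines; a short header stating that each entry maps the working name to the assigned CVE ID would make the file readable on its own. The entries are not ordered by assigned number (28007, 28008, 28014, 28011, ...), so looking up a given CVE ID means scanning the whole list; consider sorting by the assigned ID or adding a short index at the top.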