
========================================================================

CVE-2020-LFDIR -- Link attack in Exim's log directory
> CWE-250: Execution with Unnecessary Privileges
> Local
Use CVE-2020-28007

========================================================================

CVE-2020-SPDIR -- Assorted attacks in Exim's spool directory
> CWE-250: Execution with Unnecessary Privileges
> Local
Use CVE-2020-28008

========================================================================

CVE-2020-PIDFP -- Arbitrary PID file creation
> CWE-250: Execution with Unnecessary Privileges
> Local
Use CVE-2020-28014

========================================================================

CVE-2020-SPRSS -- Heap buffer overflow in queue_run()
> CWE-122: Heap-based Buffer Overflow
> Local
Use CVE-2020-28011

========================================================================

CVE-2020-SLCWD -- Heap out-of-bounds write in main()
> CWE-787: Out-of-bounds Write
> Local
Use CVE-2020-28010

========================================================================

CVE-2020-PFPSN -- Heap buffer overflow in parse_fix_phrase()
> CWE-122: Heap-based Buffer Overflow
> Local
Use CVE-2020-28013

========================================================================

CVE-2020-PFPZA -- Heap out-of-bounds write in parse_fix_phrase()
> CWE-787: Out-of-bounds Write
> Local
Use CVE-2020-28016

========================================================================

CVE-2020-NLEND -- New-line injection into spool header file (local)
> CWE-144: Improper Neutralization of Line Delimiters
> Local
Use CVE-2020-28015

========================================================================

CVE-2020-CLOSE -- Missing close-on-exec flag for privileged pipe
> CWE-403: Exposure of File Descriptor to Unintended Control Sphere
> Local
Use CVE-2020-28012

========================================================================

CVE-2020-STDIN -- Integer overflow in get_stdinput()
> CWE-680: Integer Overflow to Buffer Overflow
> Local
Use CVE-2020-28009

========================================================================

CVE-2020-RCPTL -- Integer overflow in receive_add_recipient()
> CWE-680: Integer Overflow to Buffer Overflow
> Remote
Use CVE-2020-28017

========================================================================

CVE-2020-HSIZE -- Integer overflow in receive_msg()
> CWE-680: Integer Overflow to Buffer Overflow
> Remote
Use CVE-2020-28020

========================================================================

CVE-2020-SCHAD -- Out-of-bounds read in smtp_setup_msg()
> CWE-125: Out-of-bounds Read
> Remote
Use CVE-2020-28023

========================================================================

CVE-2020-MAUTH -- New-line injection into spool header file (remote)
> CWE-144: Improper Neutralization of Line Delimiters
> Remote
Use CVE-2020-28021

========================================================================

CVE-2020-EXOPT -- Heap out-of-bounds read and write in extract_option()
> CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
> Remote
Use CVE-2020-28022

========================================================================

CVE-2020-FGETS -- Line truncation and injection in spool_read_header()
> CWE-144: Improper Neutralization of Line Delimiters
> Remote
Use CVE-2020-28026

========================================================================

CVE-2020-BDATA -- Failure to reset function pointer after BDAT error
> CWE-665: Improper Initialization
> Remote
Use CVE-2020-28019

========================================================================

CVE-2020-UNGET -- Heap buffer underflow in smtp_ungetc()
> CWE-124: Buffer Underwrite
> Remote
Use CVE-2020-28024

========================================================================

CVE-2020-OCORK -- Use-after-free in tls-openssl.c
> CWE-416: Use After Free
> Remote
Use CVE-2020-28018

========================================================================

CVE-2020-BHASH -- Heap out-of-bounds read in pdkim_finish_bodyhash()
> CWE-125: Out-of-bounds Read
> Remote
Use CVE-2020-28025

========================================================================
