The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023.
|79962||GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011||Nessus||Gentoo Local Security Checks|
|50369||openSUSE Security Update : php5-pear-mail (openSUSE-SU-2010:0909-1)||Nessus||SuSE Local Security Checks|
|44303||Mandriva Linux Security Advisory : php-pear-Mail (MDVSA-2010:025)||Nessus||Mandriva Local Security Checks|