Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image
processing. An authenticated user could use this issue to access arbitrary
files on the server, possibly exposing sensitive information.
It was discovered that Exim did not enforce STARTTLS sync point on client
side. An attacker could possibly use this issue to perform response
injection during MTA SMTP sending.