Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mutt
(Mutt)| Repositories | https://github.com/neomutt/neomutt |
| #Vulnerabilities | 42 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-11-23 | CVE-2020-28896 | Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle. | Debian_linux, Mutt, Neomutt | 5.3 | ||
| 2021-05-05 | CVE-2021-32055 | Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default. | Mutt, Neomutt | 9.1 | ||
| 2018-07-17 | CVE-2018-14357 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. | Ubuntu_linux, Debian_linux, Mutt, Neomutt, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | ||
| 2018-07-17 | CVE-2018-14354 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription. | Ubuntu_linux, Debian_linux, Mutt, Neomutt, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | ||
| 2019-11-01 | CVE-2005-2351 | Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. | Debian_linux, Mutt | N/A | ||
| 2009-10-23 | CVE-2009-3766 | mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | Mutt | N/A | ||
| 2018-07-17 | CVE-2018-14362 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. | Ubuntu_linux, Debian_linux, Mutt, Neomutt, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 9.8 | ||
| 2018-07-17 | CVE-2018-14359 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. | Ubuntu_linux, Debian_linux, Mutt, Neomutt | 9.8 | ||
| 2018-07-17 | CVE-2018-14358 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field. | Ubuntu_linux, Debian_linux, Mutt, Neomutt | 9.8 | ||
| 2018-07-17 | CVE-2018-14356 | An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. | Ubuntu_linux, Debian_linux, Mutt, Neomutt | 9.8 |