Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mutt
(Mutt)| Repositories | https://github.com/neomutt/neomutt |
| #Vulnerabilities | 42 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2009-06-16 | CVE-2009-1390 | Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | Mutt | N/A | ||
| 2007-05-15 | CVE-2007-2683 | Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. | Mutt | N/A | ||
| 2007-03-06 | CVE-2007-1268 | Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | Mutt | N/A | ||
| 2006-10-16 | CVE-2006-5298 | The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. | Mutt | N/A | ||
| 2006-10-16 | CVE-2006-5297 | Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems. | Mutt | N/A | ||
| 2005-08-23 | CVE-2005-2642 | Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext. | Mutt | N/A | ||
| 2004-03-03 | CVE-2004-0078 | Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages. | Mutt | N/A | ||
| 2003-06-16 | CVE-2003-0300 | The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | Outlook_express, Mozilla, Mutt, Eudora, Balsa, Sylpheed_email_client, Pine, Evolution | N/A | ||
| 2003-06-16 | CVE-2003-0299 | The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors. | Mutt, Balsa | N/A | ||
| 2003-04-02 | CVE-2003-0167 | Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140. | Mutt | N/A |