Product:

Neomutt

(Neomutt)
Repositories https://github.com/neomutt/neomutt
#Vulnerabilities 16
Date ID Summary Products Score Patch
2020-06-21 CVE-2020-14954 Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." Debian_linux, Mutt, Neomutt N/A
2018-07-17 CVE-2018-14363 An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. Debian_linux, Neomutt 7.5
2018-07-17 CVE-2018-14362 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. Ubuntu_linux, Debian_linux, Mutt, Neomutt, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 9.8
2018-07-17 CVE-2018-14361 An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data. Debian_linux, Neomutt 9.8
2018-07-17 CVE-2018-14360 An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage. Debian_linux, Neomutt 9.8
2018-07-17 CVE-2018-14359 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. Ubuntu_linux, Debian_linux, Mutt, Neomutt 9.8
2018-07-17 CVE-2018-14358 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field. Ubuntu_linux, Debian_linux, Mutt, Neomutt 9.8
2018-07-17 CVE-2018-14357 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. Ubuntu_linux, Debian_linux, Mutt, Neomutt, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation 9.8
2018-07-17 CVE-2018-14356 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. Ubuntu_linux, Debian_linux, Mutt, Neomutt 9.8
2018-07-17 CVE-2018-14355 An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name. Ubuntu_linux, Debian_linux, Mutt, Neomutt 5.3