mutt mutt vulnerabilities and exploits
7.5
CVSSv2
CVE-2018-14359
An issue exists in Mutt prior to 1.10.1 and NeoMutt prior to 2018-07-16. They have a buffer overflow via base64 data.
Mutt Mutt
Neomutt Neomutt
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2018-14361
An issue exists in NeoMutt prior to 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Neomutt Neomutt
5
CVSSv2
CVE-2014-9116
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote malicious users to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt...
Suse Linux Enterprise Desktop 12
Suse Suse Linux Enterprise Server 12
Mutt Mutt 1.5.23
Debian Debian Linux 7.0
Mageia Mageia 4.0
5.8
CVSSv2
CVE-2011-1429
Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle malicious users to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.
Mutt Mutt
6.8
CVSSv2
CVE-2009-3766
mutt_ssl.c in mutt 1.5.16 and other versions prior to 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid cer...
Mutt Mutt
6.8
CVSSv2
CVE-2009-3765
mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof arbitrary SSL servers via...
Mutt Mutt 1.5.19
Mutt Mutt 1.5.20
4.9
CVSSv2
CVE-2009-2908
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer derefe...
Linux Linux Kernel 2.6.31
6.8
CVSSv2
CVE-2009-1390
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote malicious users to spoof trusted servers via a man-in-...
Mutt Mutt 1.5.19
3.5
CVSSv2
CVE-2007-2683
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
Mutt Mutt 1.4.2
1 EDB exploit
2.6
CVSSv2
CVE-2007-1558
The APOP protocol allows remote malicious users to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderb...
Apop Protocol Apop Protocol