Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mutt mutt vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2018-14355
An issue exists in Mutt prior to 1.10.1 and NeoMutt prior to 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Mutt Mutt
Neomutt Neomutt
Canonical Ubuntu Linux 16.04
9.8
CVSSv3
CVE-2018-14356
An issue exists in Mutt prior to 1.10.1 and NeoMutt prior to 2018-07-16. pop.c mishandles a zero-length UID.
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Mutt Mutt
Neomutt Neomutt
Canonical Ubuntu Linux 16.04
NA
CVE-2014-9116
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote malicious users to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt...
Suse Linux Enterprise Desktop 12
Suse Suse Linux Enterprise Server 12
Mutt Mutt 1.5.23
Debian Debian Linux 7.0
Mageia Mageia 4.0
NA
CVE-2011-1429
Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle malicious users to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.
Mutt Mutt
NA
CVE-2009-3766
mutt_ssl.c in mutt 1.5.16 and other versions prior to 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof SSL servers via an arbitrary valid cer...
Mutt Mutt
NA
CVE-2009-3765
mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof arbitrary SSL servers via...
Mutt Mutt 1.5.19
Mutt Mutt 1.5.20
NA
CVE-2009-2908
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer derefe...
Linux Linux Kernel 2.6.31
NA
CVE-2009-1390
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote malicious users to spoof trusted servers via a man-in-...
Mutt Mutt 1.5.19
NA
CVE-2007-2683
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
Mutt Mutt 1.4.2
1 EDB exploit
NA
CVE-2007-1558
The APOP protocol allows remote malicious users to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderb...
Apop Protocol Apop Protocol
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »