National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:mutt:mutt:1.5.14
There are 15 matching records.
Vuln ID Summary CVSS Severity
CVE-2005-2351

Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.

Published: November 01, 2019; 03:15:10 PM -04:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2018-14362

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-14359

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-14358

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-14357

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-14356

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-14355

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2018-14354

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-14353

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-14352

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-14351

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-14350

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-14349

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.

Published: July 17, 2018; 01:29:00 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2014-0467

Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion.

Published: March 14, 2014; 11:55:05 AM -04:00
    V2: 5.0 MEDIUM
CVE-2011-1429

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766.

Published: March 16, 2011; 06:55:04 PM -04:00
    V2: 5.8 MEDIUM