CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18862 – GNU Mailutils 3.7 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2019-18862
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. maidag en GNU Mailutils versiones anteriores 3.8, se instaló un setuid y permite una escalada de privilegios locales en el modo url. GNU Mailutils versions 2.0 through 3.7 suffer from a local privilege escalation vulnerability. • https://www.exploit-db.com/exploits/47703 http://packetstormsecurity.com/files/155425/GNU-Mailutils-3.7-Privilege-Escalation.html https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS https://security.gentoo.org/glsa/202006-12 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1824
https://notcve.org/view.php?id=CVE-2005-1824
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031 http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml •