Page 158 of 1963 results (0.021 seconds)

CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 0

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. Permiten que los servidores IMAP remotos ejecuten comandos arbitrarios mediante caracteres de acento grave; esto está relacionado con el comando mailboxes asociado con una suscripción automática. • http://www.mutt.org/news.html https://access.redhat.com/errata/RHSA-2018:2526 https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725 https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-1 https://usn.ubuntu.com/3719-3 https://www.debian.org/security/2018/dsa • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. pop.c no prohíbe los caracteres que podrían interactuar de forma insegura con los nombres de ruta message-cache, tal y como queda demostrado con un carácter "/". • http://www.mutt.org/news.html https://access.redhat.com/errata/RHSA-2018:2526 https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576 https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-3 https://www.debian.org/security/2018/dsa-4277 https://access.redhat.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 1

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image. El kernel de Linux es vulnerable a un desbordamiento de búfer basado en memoria dinámica (heap) en la función fs/ext4/xattr.c:ext4_xattr_set_entry(). Un atacante podría explotar esta vulnerabilidad operando en una imagen montada ext4 manipulada. The Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. • http://www.securityfocus.com/bid/104858 https://access.redhat.com/errata/RHSA-2019:0162 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10840 https://usn.ubuntu.com/3752-1 https://usn.ubuntu.com/3752-2 https://usn.ubuntu.com/3752-3 https://access.redhat.com/security/cve/CVE-2018-10840 https://bugzilla.redhat.com/show_bug.cgi?id=1582346 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. Las partes S/MIME descifradas, cuando se incluyen en HTML manipulado para un ataque, pueden filtrar texto plano cuando se incluyen en una respuesta/reenvío HTML. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.9. • http://www.securityfocus.com/bid/104613 https://access.redhat.com/errata/RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2252 https://bugzilla.mozilla.org/show_bug.cgi?id=1419417 https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3714-1 https://www.debian.org/security/2018/dsa-4244 https://www.mozilla.org/security/advisories/mfsa2018-18 https://access.redhat.com/security/cve/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0

dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9. Las partes S/MIME descifradas ocultas con CSS o la etiqueta HTML en texto plano pueden filtrar texto plano cuando se incluyen en una respuesta/reenvío HTML. La vulnerabilidad afecta a Thunderbird en versiones anteriores a la 52.9. • http://www.securityfocus.com/bid/104613 https://access.redhat.com/errata/RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2252 https://bugzilla.mozilla.org/show_bug.cgi?id=1464056 https://bugzilla.mozilla.org/show_bug.cgi?id=1464667 https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3714-1 https://www.debian.org/security/2018/dsa-4244 https://www.mozilla.org/security/advisories& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •