Page 2 of 23 results (0.008 seconds)

CVSS: 5.9EPSS: 0%CPEs: 14EXPL: 0

CVE-2020-14954

https://notcve.org/view.php?id=CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." Mutt versiones anteriores a 1.14.4 y NeoMutt antes del 19-06-2020, presentan un problema de almacenamiento de STARTTLS que afecta a IMAP, SMTP y POP3. Cuando un servidor envía una respuesta "begin TLS", el cliente lee datos adicionales (por ejemplo, a partir de un atacante man-in-the-middle) y los evalúa en un contexto TLS, también se conoce como "response injection" • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200615/000023.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html http://www.mutt.org https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc https://github.com/neomutt/neomutt/releases/tag/20200619 https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4 https://gitlab.com/muttmua/mutt/-/issues& • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-14154

https://notcve.org/view.php?id=CVE-2020-14154

Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. Mutt versiones anteriores a 1.14.3, procede con una conexión incluso si, en respuesta a un aviso de certificado GnuTLS, el usuario rechaza un certificado intermedio expirado • http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html http://www.mutt.org https://bugs.gentoo.org/728300 https://security.gentoo.org/glsa/202007-57 https://usn.ubuntu.com/4401-1 •

CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0

CVE-2020-14093

https://notcve.org/view.php?id=CVE-2020-14093

Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Mutt versiones anteriores a 1.14.3, permite un ataque de tipo man-in-the-middle de fcc/postpone de IMAP por medio de una respuesta PREAUTH • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00064.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00070.html http://www.mutt.org https://bugs.gentoo.org/728300 https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 https://lists.debian.org/debian-lts-announce/2020/06/msg00039.html https://lists.debian.org/debian-lts-announce/2020/06/msg00040.html https://security.gentoo.org/glsa/202007-57 https://usn.ubuntu.com/4401-1 https • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2005-2351

https://notcve.org/view.php?id=CVE-2005-2351

Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. Mutt versiones anteriores a 1.5.20, parche 7, permite a un atacante causar una denegación de servicio por medio de una serie de peticiones para archivos temporales de mutt. • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311296 https://security-tracker.debian.org/tracker/CVE-2005-2351 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

CVE-2018-14349

https://notcve.org/view.php?id=CVE-2018-14349

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. imap/command.c gestiona de manera incorrecta una respuesta NO sin mensaje. • http://www.mutt.org/news.html https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1 https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416 https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html https://neomutt.org/2018/07/16/release https://security.gentoo.org/glsa/201810-07 https://usn.ubuntu.com/3719-3 https://www.debian.org/security/2018/dsa-4277 • CWE-20: Improper Input Validation •