CVSS: 9.8EPSS: 4%CPEs: 20EXPL: 0CVE-2018-14357 – mutt: Remote Code Execution via backquote characters
https://notcve.org/view.php?id=CVE-2018-14357
17 Jul 2018 — An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. Permiten que los servidores IMAP remotos ejecuten comandos arbitrarios mediante caracteres de acento grave; esto está relacionado con el comando mail... • http://www.mutt.org/news.html • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2018-14358 – Ubuntu Security Notice USN-7204-1
https://notcve.org/view.php?id=CVE-2018-14358
17 Jul 2018 — An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. imap/message.c tiene un desbordamiento de búfer basado en pila para una respuesta FETCH con un campo RFC822.SIZE largo. USN-3719-1 fixed vulnerabilities in Mutt. Unfortunately, the fixes were not correctly appli... • http://www.mutt.org/news.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 0CVE-2018-14359 – Gentoo Linux Security Advisory 201810-07
https://notcve.org/view.php?id=CVE-2018-14359
17 Jul 2018 — An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. Tienen un desbordamiento de búfer mediante datos en base64. Several vulnerabilities were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, potentially leading to code execution, denial of service or information disclosure when conne... • http://www.mutt.org/news.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-14360 – Debian Security Advisory 4277-1
https://notcve.org/view.php?id=CVE-2018-14360
17 Jul 2018 — An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage. Se ha descubierto un problema en NeoMutt en versiones anteriores al 2018-07-16. nntp_add_group en newsrc.c tiene un desbordamiento de búfer basado en pila debido a un uso incorrecto de sscanf. Several vulnerabilities were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, potentially leading to code execution, denial of servic... • https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-14361 – Ubuntu Security Notice USN-7204-1
https://notcve.org/view.php?id=CVE-2018-14361
17 Jul 2018 — An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data. Se ha descubierto un problema en NeoMutt en versiones anteriores al 2018-07-16. nntp.c continúa incluso aunque la asignación de memoria fracase para los datos de mensajes. Jeriko One discovered that NeoMutt incorrectly handled certain IMAP and POP3 responses. An attacker could possibly use this issue to cause NeoMutt to crash, resulting in a denial of service, or the execution of arbitrar... • https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 5%CPEs: 18EXPL: 0CVE-2018-14362 – mutt: POP body caching path traversal vulnerability
https://notcve.org/view.php?id=CVE-2018-14362
17 Jul 2018 — An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. pop.c no prohíbe los caracteres que podrían interactuar de forma insegura con los nombres de ruta message-cache, tal y como queda demostrado con un carácter "/". USN-3719-1 fixed v... • http://www.mutt.org/news.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-14363 – Debian Security Advisory 4277-1
https://notcve.org/view.php?id=CVE-2018-14363
17 Jul 2018 — An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames. Se ha descubierto un problema en NeoMutt en versiones anteriores al 2018-07-16. newsrc.c no restringe correctamente los caracteres "/" que podrían interactuar de forma insegura con los nombres de ruta de la caché. Several vulnerabilities were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, potentially leading to c... • https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •