CVSS: 9.8EPSS: 5%CPEs: 18EXPL: 0CVE-2018-14362 – mutt: POP body caching path traversal vulnerability
https://notcve.org/view.php?id=CVE-2018-14362
17 Jul 2018 — An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character. Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. pop.c no prohíbe los caracteres que podrían interactuar de forma insegura con los nombres de ruta message-cache, tal y como queda demostrado con un carácter "/". USN-3719-1 fixed v... • http://www.mutt.org/news.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 26EXPL: 0CVE-2014-0467 – mutt: heap-based buffer overflow when parsing certain headers
https://notcve.org/view.php?id=CVE-2014-0467
12 Mar 2014 — Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. Desbordamiento de buffer en copy.c en Mutt anterior a 1.5.23 permite a atacantes remotos causar una denegación de servicio (caída) a través de una línea de cabecera RFC2047 manipulada, relacionado con la expansión de dirección. Mutt is a text-mode mail user agent. A heap-based buffer overflow flaw was found in the way mutt processed cer... • http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3765
https://notcve.org/view.php?id=CVE-2009-3765
23 Oct 2009 — mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. mutt_ssl.c en mutt 1.5.19 y 1.5.20, cuando usa OenSSL, no maneja de forma adecuada el caracter '\0' en un nombre de dominio, dentro del campo sujeto... • http://dev.mutt.org/trac/changeset/6016:dc09812e63a3/mutt_ssl.c • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 2CVE-2009-1390
https://notcve.org/view.php?id=CVE-2009-1390
16 Jun 2009 — Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. Mutt v1.5.º9, enlazado contra (1) OpenSSL (mutt_ssl.c) o (2) GnuTLS (mutt_ssl_gnutls.c), permite conexiones cuando se acepta un certificado TLS en la cadena en vez de verificar esta última, lo que permite a atacantes re... • http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a • CWE-287: Improper Authentication •