Skip to main content

Neomutt

21 CVEs product

Monthly

CVE-2024-49395 MEDIUM This Month

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mutt Neomutt Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-49394 MEDIUM This Month

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Mutt Neomutt Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-49393 MEDIUM This Month

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Mutt Neomutt Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-32055 CRITICAL PATCH Act Now

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Mutt Neomutt
NVD GitHub
CVSS 3.1
9.1
EPSS
2.6%
CVE-2020-28896 MEDIUM PATCH This Month

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Mutt Neomutt Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-14954 MEDIUM PATCH This Month

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Code Injection Mutt Debian Linux Neomutt Fedora +2
NVD GitHub
CVSS 3.1
5.9
EPSS
2.3%
CVE-2018-14363 HIGH PATCH This Week

An issue was discovered in NeoMutt before 2018-07-16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Debian Linux Neomutt
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2018-14362 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-14361 CRITICAL PATCH Act Now

An issue was discovered in NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Neomutt
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2018-14360 CRITICAL PATCH Act Now

An issue was discovered in NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Debian Linux Neomutt
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2018-14359 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Mutt Neomutt Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2018-14358 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt Neomutt Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2018-14357 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2018-14356 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Debian Linux Mutt Neomutt +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2018-14355 MEDIUM PATCH This Month

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Debian Linux Mutt Neomutt Ubuntu Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
3.3%
CVE-2018-14354 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.1
9.8
EPSS
6.2%
CVE-2018-14353 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Mutt Neomutt Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-14352 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt Neomutt Ubuntu Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2018-14351 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mutt Neomutt Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2018-14350 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt Neomutt Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
5.0%
CVE-2018-14349 CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Mutt Neomutt Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
EPSS 0% CVSS 5.3
MEDIUM This Month

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mutt Neomutt +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Mutt +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Mutt +2
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Mutt +1
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Mutt Neomutt +1
NVD GitHub
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Code Injection Mutt Debian Linux +4
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in NeoMutt before 2018-07-16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Debian Linux Neomutt
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Mutt Neomutt +8
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Neomutt
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Debian Linux +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Mutt Neomutt +2
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt +3
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt +8
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Debian Linux +3
NVD GitHub
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Debian Linux Mutt +2
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mutt Neomutt +8
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Information Disclosure Mutt +3
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt +3
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mutt Neomutt +2
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Mutt +3
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Mutt +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy