1.11.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-09	CVE-2023-4874	NULL Pointer Dereference vulnerability in multiple products Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 network low complexity mutt debian CWE-476	6.5
2023-09-09	CVE-2023-4875	NULL Pointer Dereference vulnerability in multiple products Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 network low complexity mutt debian CWE-476	5.7
2022-04-14	CVE-2022-1328	Classic Buffer Overflow vulnerability in multiple products Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line network low complexity mutt debian fedoraproject CWE-120	5.3
2021-05-05	CVE-2021-32055	Out-of-bounds Read vulnerability in multiple products Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. network low complexity neomutt mutt CWE-125 critical	9.1
2021-01-19	CVE-2021-3181	Memory Leak vulnerability in multiple products rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). network low complexity mutt debian fedoraproject CWE-401	6.5
2020-11-23	CVE-2020-28896	Improper Handling of Exceptional Conditions vulnerability in multiple products Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. network high complexity neomutt mutt debian CWE-755	5.3
2020-06-21	CVE-2020-14954	Injection vulnerability in multiple products Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. network high complexity mutt debian neomutt fedoraproject canonical opensuse CWE-74	5.9
2020-06-15	CVE-2020-14154	Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. network high complexity mutt canonical	4.8
2020-06-15	CVE-2020-14093	Cleartext Transmission of Sensitive Information vulnerability in multiple products Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. network high complexity mutt canonical debian opensuse CWE-319	5.9