1.5.15

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-09	CVE-2023-4874	NULL Pointer Dereference vulnerability in multiple products Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 network low complexity mutt debian CWE-476	6.5
2023-09-09	CVE-2023-4875	NULL Pointer Dereference vulnerability in multiple products Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 network low complexity mutt debian CWE-476	5.7
2022-04-14	CVE-2022-1328	Classic Buffer Overflow vulnerability in multiple products Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line network low complexity mutt debian fedoraproject CWE-120	5.3
2021-01-19	CVE-2021-3181	Memory Leak vulnerability in multiple products rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). network low complexity mutt debian fedoraproject CWE-401	6.5
2020-11-23	CVE-2020-28896	Improper Handling of Exceptional Conditions vulnerability in multiple products Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. network high complexity neomutt mutt debian CWE-755	5.3
2020-06-21	CVE-2020-14954	Injection vulnerability in multiple products Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. network high complexity mutt debian neomutt fedoraproject canonical opensuse CWE-74	5.9
2020-06-15	CVE-2020-14154	Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. network high complexity mutt canonical	4.8
2020-06-15	CVE-2020-14093	Cleartext Transmission of Sensitive Information vulnerability in multiple products Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. network high complexity mutt canonical debian opensuse CWE-319	5.9
2019-11-01	CVE-2005-2351	Exposure of Resource to Wrong Sphere vulnerability in multiple products Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files. local low complexity mutt debian CWE-668	5.5
2018-07-17	CVE-2018-14362	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. network low complexity mutt neomutt canonical debian redhat CWE-119 critical	9.8