Vulnerabilities > Mutt
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-06-16 | CVE-2009-1390 | Improper Authentication vulnerability in Mutt 1.5.19 Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | 6.8 |
| 2007-05-15 | CVE-2007-2683 | Local Buffer Overflow vulnerability in Mutt 1.4.2 Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion. | 3.5 |
| 2007-03-06 | CVE-2007-1268 | Unspecified vulnerability in Mutt Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 5.0 |
| 2006-10-16 | CVE-2006-5298 | Unspecified vulnerability in Mutt The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls. | 1.2 |
| 2006-10-16 | CVE-2006-5297 | Multiple vulnerability in Mutt Insecure Temporary File Creation Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems. | 1.2 |
| 2005-08-23 | CVE-2005-2642 | Buffer Overflow vulnerability in Mutt 1.5.10 Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext. | 7.5 |
| 2004-03-03 | CVE-2004-0078 | Remote Buffer Overflow vulnerability in Mutt Menu Drawing Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages. | 7.5 |
| 2003-06-16 | CVE-2003-0300 | Denial-Of-Service vulnerability in Pine The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. network low complexity microsoft mozilla mutt qualcomm stuart-parmenter sylpheed university-of-washington ximian | 5.0 |
| 2003-06-16 | CVE-2003-0299 | Denial-Of-Service vulnerability in Balsa The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors. | 7.5 |
| 2003-04-02 | CVE-2003-0167 | Remote Folder Buffer Overflow vulnerability in Mutt IMAP Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140. | 7.5 |