Vulnerabilities > Mutt > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-03-14 | CVE-2014-0467 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products: Buffer overflow in copy.c in Mutt before 1.5.23 allows remote attackers to cause a denial of service (crash) via a crafted RFC2047 header line, related to address expansion. | 5.0 |
2011-03-16 | CVE-2011-1429 | Improper Input Validation vulnerability in Mutt: Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. | 5.8 |
2009-10-23 | CVE-2009-3766 | Cryptographic Issues vulnerability in Mutt 1.5.16/1.5.17/1.5.18: mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 6.8 |
2009-10-23 | CVE-2009-3765 | Cryptographic Issues vulnerability in Mutt 1.5.19/1.5.20: mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 6.8 |
2009-06-16 | CVE-2009-1390 | Improper Authentication vulnerability in Mutt 1.5.19: Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack. | 6.8 |
2007-03-06 | CVE-2007-1268 | Unspecified vulnerability in Mutt: Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 5.0 |
2003-06-16 | CVE-2003-0300 | Denial-Of-Service vulnerability in Pine: The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | 5.0 |