Vulnerabilities > Neomutt

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-49394 Improper Verification of Cryptographic Signature vulnerability in multiple products
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.
network
low complexity
neomutt mutt redhat CWE-347
5.3
2024-11-12 CVE-2024-49395 In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.
network
low complexity
neomutt mutt redhat
5.3
2024-11-12 CVE-2024-49393 Improper Verification of Cryptographic Signature vulnerability in multiple products
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.
network
high complexity
neomutt mutt redhat CWE-347
5.9
2021-05-05 CVE-2021-32055 Out-of-bounds Read vulnerability in multiple products
Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma.
network
low complexity
neomutt mutt CWE-125
critical
9.1
2020-11-23 CVE-2020-28896 Improper Handling of Exceptional Conditions vulnerability in multiple products
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid.
network
high complexity
neomutt mutt debian CWE-755
5.3
2020-06-21 CVE-2020-14954 Injection vulnerability in multiple products
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3.
5.9
2018-07-17 CVE-2018-14363 Path Traversal vulnerability in multiple products
An issue was discovered in NeoMutt before 2018-07-16.
network
low complexity
debian neomutt CWE-22
7.5
2018-07-17 CVE-2018-14362 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.
network
low complexity
mutt neomutt canonical debian redhat CWE-119
critical
9.8
2018-07-17 CVE-2018-14361 Improper Input Validation vulnerability in multiple products
An issue was discovered in NeoMutt before 2018-07-16.
network
low complexity
debian neomutt CWE-20
critical
9.8
2018-07-17 CVE-2018-14360 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in NeoMutt before 2018-07-16.
network
low complexity
debian neomutt CWE-787
critical
9.8