FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a2f35081-8a02-11e8-8fa5-4437e6ad11c4mutt -- remote code injection and path traversal vulnerability

Kevin J. McCarthy reports:

Fixes a remote code injection vulnerability when "subscribing" to an IMAP mailbox, either via $imap_check_subscribed, or via the function in the browser menu. Mutt was generating a "mailboxes" command and sending that along to the muttrc parser. However, it was not escaping "`", which executes code and inserts the result. This would allow a malicious IMAP server to execute arbitrary code (for $imap_check_subscribed).

Fixes POP body caching path traversal vulnerability.

Fixes IMAP header caching path traversal vulnerability.

CVE-2018-14349 - NO Response Heap Overflow

CVE-2018-14350 - INTERNALDATE Stack Overflow

CVE-2018-14351 - STATUS Literal Length relative write

CVE-2018-14352 - imap_quote_string off-by-one stack overflow

CVE-2018-14353 - imap_quote_string int underflow

CVE-2018-14354 - imap_subscribe Remote Code Execution

CVE-2018-14355 - STATUS mailbox header cache directory traversal

CVE-2018-14356 - POP empty UID NULL deref

CVE-2018-14357 - LSUB Remote Code Execution

CVE-2018-14358 - RFC822.SIZE Stack Overflow

CVE-2018-14359 - base64 decode Stack Overflow

CVE-2018-14362 - POP Message Cache Directory Traversal


Discovery 2018-07-15
Entry 2018-07-17
mutt
< 1.10.1

CVE-2018-14349
CVE-2018-14350
CVE-2018-14351
CVE-2018-14352
CVE-2018-14353
CVE-2018-14354
CVE-2018-14355
CVE-2018-14356
CVE-2018-14357
CVE-2018-14358
CVE-2018-14359
CVE-2018-14362
http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20180716/000004.html
387bbade-5d1d-11eb-bf20-4437e6ad11c4mutt -- denial of service

Tavis Ormandy reports:

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.


Discovery 2021-01-17
Entry 2021-01-23
mutt
< 2.0.5

https://gitlab.com/muttmua/mutt/-/issues/323
CVE-2021-3181
dc132c91-2b71-11eb-8cfd-4437e6ad11c4mutt -- authentication credentials being sent over an unencrypted connection

Kevin J. McCarthy reports:

Mutt had incorrect error handling when initially connecting to an IMAP server, which could result in an attempt to authenticate without enabling TLS.


Discovery 2020-11-20
Entry 2020-11-20
mutt
< 2.0.2

CVE-2020-28896
https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
fe12ef83-8b47-11e8-96cc-001a4a7ec6bemutt/neomutt -- multiple vulnerabilities

NeoMutt report:

Description

CVE-2018-14349

NO Response Heap Overflow

CVE-2018-14350

INTERNALDATE Stack Overflow

CVE-2018-14351

STATUS Literal Length relative write

CVE-2018-14352

imap_quote_string off-by-one stack overflow

CVE-2018-14353

imap_quote_string int underflow

CVE-2018-14354

imap_subscribe Remote Code Execution

CVE-2018-14355

STATUS mailbox header cache directory traversal

CVE-2018-14356

POP empty UID NULL deref

CVE-2018-14357

LSUB Remote Code Execution

CVE-2018-14358

RFC822.SIZE Stack Overflow

CVE-2018-14359

base64 decode Stack Overflow

CVE-2018-14360

NNTP Group Stack Overflow

CVE-2018-14361

NNTP Write 1 where via GROUP response

CVE-2018-14362

POP Message Cache Directory Traversal

CVE-2018-14363

NNTP Header Cache Directory Traversal


Discovery 2018-07-10
Entry 2018-07-19
neomutt
< 20180716

mutt
< 1.10.1

mutt14
< *

CVE-2018-14349
CVE-2018-14350
CVE-2018-14351
CVE-2018-14352
CVE-2018-14353
CVE-2018-14354
CVE-2018-14355
CVE-2018-14356
CVE-2018-14357
CVE-2018-14358
CVE-2018-14359
CVE-2018-14360
CVE-2018-14361
CVE-2018-14362
CVE-2018-14363
https://github.com/neomutt/neomutt/releases/tag/neomutt-20180716
5b397852-b1d0-11ea-a11c-4437e6ad11c4IMAP fcc/postpone machine-in-the-middle attack

mutt 1.14.3 updates:

CVE-2020-14093 - IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.


Discovery 2020-06-14
Entry 2020-06-24
mutt
le 1.14.2

https://github.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
CVE-2020-14093
29b13a34-b1d2-11ea-a11c-4437e6ad11c4Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP

mutt 1.14.4 updates:

CVE-2020-14954 - Machine-in-the-middle response injection attack when using STARTTLS with IMAP, POP3, and SMTP


Discovery 2020-06-16
Entry 2020-06-24
mutt
le 1.14.3

CVE-2020-14954
https://gitlab.com/muttmua/mutt/-/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4