pkg:Debian/mutt
64 total CVEsCRITICAL16HIGH1MEDIUM22LOW6
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.8CVE-2018-14362An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.from 0, < 1.10.1-1
- from 0, < 1.9.1-1
- from 0, < 1.9.1-1
- CRITICAL9.8CVE-2018-14359An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.from 0, < 1.10.1-1
- CRITICAL9.8CVE-2018-14358An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.from 0, < 1.10.1-1
- CRITICAL9.8CVE-2018-14357An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.from 0, < 1.10.1-1
- CRITICAL9.8CVE-2018-14356An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.from 0, < 1.10.1-1
- CRITICAL9.8CVE-2018-14354An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.from 0, < 1.10.1-1
- CRITICAL9.8CVE-2018-14353An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.from 0, < 1.10.1-1
- CRITICAL9.8CVE-2018-14352An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.from 0, < 1.10.1-1
- CRITICAL9.8CVE-2018-14351An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.from 0, < 1.10.1-1
- CRITICAL9.8CVE-2018-14350An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16.from 0, < 1.10.1-1
- from 0, < 1.5.23-3+deb8u1
- from 0, < 1.7.2-1+deb9u1
- from 0, < 1.10.1-1
- CRITICAL9.1CVE-2021-32055Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an ou…from 0, < 2.0.5-4.1
- from 0, < 1.9.1-1
- MEDIUM6.5CVE-2024-49393In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a mess…from 0
- from 0, < 1.10.1-2.1+deb10u7
- from 0, < 2.0.5-4.1+deb11u3
- from 0, < 2.0.5-4.1+deb11u3
- from 0, < 1.10.1-2.1+deb10u5
- from 0, < 1.7.2-1+deb9u5
- from 0, < 2.0.5-1
- MEDIUM5.9CVE-2020-14954Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3.from 0, < 1.14.4-1
- from 0, < 1.5.23-3+deb8u2
- from 0, < 1.7.2-1+deb9u3
- from 0, < 1.5.23-3+deb8u3
- from 0, < 1.14.3-1
- MEDIUM5.7CVE-2023-4875Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12from 0, < 2.0.5-4.1+deb11u3
- MEDIUM5.5CVE-2005-2351Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.from 0, < 1.5.20-7
- MEDIUM5.3CVE-2024-49395In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from th…from 0
- MEDIUM5.3CVE-2024-49394In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unenc…from 0
- from 0, < 1.7.2-1+deb9u6
- from 0, < 2.0.5-4.1+deb11u1
- from 0, < 2.0.2-1
- from 0, < 1.7.2-1+deb9u4
- from 0, < 1.10.1-1
- MEDIUM4.8CVE-2020-14154Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate…from 0, < 1.14.3-1
- LOW3.7CVE-2026-43863mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.from 0
- from 0
- from 0
- LOW3.7CVE-2026-43860mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.from 0
- LOW3.7CVE-2026-43859mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.from 0
- from 0
- from 0, < 1.5.20-9+squeeze4
- from 0, < 1.5.23-2
- from 0, < 1.5.21-6.2+deb7u3
- from 0, < 1.5.22-2
- from 0, < 1.5.20-9+squeeze3
- —CVE-2011-1429Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the…from 0, < 1.5.21-5
- —CVE-2009-1390Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certifica…from 0, < 1.5.20-1
- —CVE-2007-2683Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the o…from 0, < 1.5.15+20070608-1
- from 0, < 1.5.18-6
- —CVE-2007-1268Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishin…from 0
- —CVE-2006-5298The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created wit…from 0, < 1.5.13-1.1
- —CVE-2006-5297Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, al…from 0, < 1.5.13-1.1
- from 0, < 1.5.11+cvs20060403-2
- from 0, < 1.5.9-2sarge2
- —CVE-2004-0078Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of…from 0, < 1.5.6-20040722+1
- from 0, < 1.3.28-2.2
- from 0, < 1.4.0
- from 0, < 1.5.4-1
- from 0, < 1.3.28-2.1