Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities found for mailutils by gnu
CVE-2019-18862 (GCVE-0-2019-18862)
Vulnerability from cvelistv5 – Published: 2019-11-11 15:49 – Updated: 2024-08-05 02:02
VLAI
Summary
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://git.savannah.gnu.org/cgit/mailutils.git/t… | x_refsource_MISC |
| http://packetstormsecurity.com/files/155425/GNU-M… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202006-12 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155425/GNU-Mailutils-3.7-Privilege-Escalation.html"
},
{
"name": "GLSA-202006-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202006-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-13T03:06:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155425/GNU-Mailutils-3.7-Privilege-Escalation.html"
},
{
"name": "GLSA-202006-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202006-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS",
"refsource": "MISC",
"url": "https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS"
},
{
"name": "http://packetstormsecurity.com/files/155425/GNU-Mailutils-3.7-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155425/GNU-Mailutils-3.7-Privilege-Escalation.html"
},
{
"name": "GLSA-202006-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202006-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18862",
"datePublished": "2019-11-11T15:49:12.000Z",
"dateReserved": "2019-11-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:02:39.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2878 (GCVE-0-2005-2878)
Vulnerability from cvelistv5 – Published: 2005-09-13 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://savannah.gnu.org/patch/index.php?func=deta… | x_refsource_CONFIRM |
| http://secunia.com/advisories/17020 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-20050… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/16783 | third-party-advisoryx_refsource_SECUNIA |
| http://www.idefense.com/application/poi/display?i… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.rosiello.org/archivio/imap4d_FreeBSD_e… | x_refsource_MISC |
| http://www.debian.org/security/2005/dsa-841 | vendor-advisoryx_refsource_DEBIAN |
| http://marc.info/?l=bugtraq&m=112785181316043&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/14794 | vdb-entryx_refsource_BID |
Date Public
2005-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://savannah.gnu.org/patch/index.php?func=detailitem\u0026item_id=4407"
},
{
"name": "17020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17020"
},
{
"name": "GLSA-200509-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-10.xml"
},
{
"name": "16783",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16783"
},
{
"name": "20050909 GNU Mailutils 0.6 imap4d \u0027search\u0027 Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=303\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c"
},
{
"name": "DSA-841",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-841"
},
{
"name": "20050926 FreeBSD GNU Mailutils 0.6 imap4d exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112785181316043\u0026w=2"
},
{
"name": "14794",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://savannah.gnu.org/patch/index.php?func=detailitem\u0026item_id=4407"
},
{
"name": "17020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17020"
},
{
"name": "GLSA-200509-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-10.xml"
},
{
"name": "16783",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16783"
},
{
"name": "20050909 GNU Mailutils 0.6 imap4d \u0027search\u0027 Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=303\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c"
},
{
"name": "DSA-841",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-841"
},
{
"name": "20050926 FreeBSD GNU Mailutils 0.6 imap4d exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112785181316043\u0026w=2"
},
{
"name": "14794",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14794"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://savannah.gnu.org/patch/index.php?func=detailitem\u0026item_id=4407",
"refsource": "CONFIRM",
"url": "http://savannah.gnu.org/patch/index.php?func=detailitem\u0026item_id=4407"
},
{
"name": "17020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17020"
},
{
"name": "GLSA-200509-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-10.xml"
},
{
"name": "16783",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16783"
},
{
"name": "20050909 GNU Mailutils 0.6 imap4d \u0027search\u0027 Format String Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=303\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c",
"refsource": "MISC",
"url": "http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c"
},
{
"name": "DSA-841",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-841"
},
{
"name": "20050926 FreeBSD GNU Mailutils 0.6 imap4d exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112785181316043\u0026w=2"
},
{
"name": "14794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14794"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2878",
"datePublished": "2005-09-13T04:00:00.000Z",
"dateReserved": "2005-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1824 (GCVE-0-2005-1824)
Vulnerability from cvelistv5 – Published: 2005-06-02 04:00 – Updated: 2024-08-07 22:06
VLAI
Summary
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-20050… | vendor-advisoryx_refsource_GENTOO |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031 | x_refsource_CONFIRM |
Date Public
2005-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200506-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the \"\\\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-08T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200506-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the \"\\\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200506-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1824",
"datePublished": "2005-06-02T04:00:00.000Z",
"dateReserved": "2005-06-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:06:57.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1521 (GCVE-0-2005-1521)
Vulnerability from cvelistv5 – Published: 2005-05-26 04:00 – Updated: 2024-08-07 21:51
VLAI
Summary
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014052 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/13763 | vdb-entryx_refsource_BID |
| http://www.idefense.com/application/poi/display?i… | third-party-advisoryx_refsource_IDEFENSE |
| http://secunia.com/advisories/15442 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2005/dsa-732 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13763",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13763"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=248\u0026type=vulnerabilities"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13763",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13763"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=248\u0026type=vulnerabilities"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-732"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014052",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13763"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=248\u0026type=vulnerabilities"
},
{
"name": "15442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1521",
"datePublished": "2005-05-26T04:00:00.000Z",
"dateReserved": "2005-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:51:50.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1523 (GCVE-0-2005-1523)
Vulnerability from cvelistv5 – Published: 2005-05-26 04:00 – Updated: 2024-08-07 21:51
VLAI
Summary
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014052 | vdb-entryx_refsource_SECTRACK |
| http://www.idefense.com/application/poi/display?i… | third-party-advisoryx_refsource_IDEFENSE |
| http://secunia.com/advisories/15442 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2005/dsa-732 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/13764 | vdb-entryx_refsource_BID |
Date Public
2005-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=246\u0026type=vulnerabilities"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "13764",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=246\u0026type=vulnerabilities"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "13764",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014052",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d Format String Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=246\u0026type=vulnerabilities"
},
{
"name": "15442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "13764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1523",
"datePublished": "2005-05-26T04:00:00.000Z",
"dateReserved": "2005-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:51:50.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1522 (GCVE-0-2005-1522)
Vulnerability from cvelistv5 – Published: 2005-05-26 04:00 – Updated: 2024-08-07 21:51
VLAI
Summary
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.idefense.com/application/poi/display?i… | third-party-advisoryx_refsource_IDEFENSE |
| http://securitytracker.com/id?1014052 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/15442 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/13765 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2005/dsa-732 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050525 GNU Mailutils 0.6 imap4d FETCH Commad Resource Consumption DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=247\u0026type=vulnerabilities"
},
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "13765",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13765"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050525 GNU Mailutils 0.6 imap4d FETCH Commad Resource Consumption DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=247\u0026type=vulnerabilities"
},
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "13765",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13765"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-732"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050525 GNU Mailutils 0.6 imap4d FETCH Commad Resource Consumption DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=247\u0026type=vulnerabilities"
},
{
"name": "1014052",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "15442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15442"
},
{
"name": "13765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13765"
},
{
"name": "DSA-732",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1522",
"datePublished": "2005-05-26T04:00:00.000Z",
"dateReserved": "2005-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:51:50.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1520 (GCVE-0-2005-1520)
Vulnerability from cvelistv5 – Published: 2005-05-26 04:00 – Updated: 2024-08-07 21:51
VLAI
Summary
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014052 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/13766 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/15442 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2005/dsa-732 | vendor-advisoryx_refsource_DEBIAN |
| http://www.idefense.com/application/poi/display?i… | third-party-advisoryx_refsource_IDEFENSE |
Date Public
2005-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13766"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "20050525 GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=249\u0026type=vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13766"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "20050525 GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=249\u0026type=vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014052",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13766"
},
{
"name": "15442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "20050525 GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=249\u0026type=vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1520",
"datePublished": "2005-05-26T04:00:00.000Z",
"dateReserved": "2005-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:51:50.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0984 (GCVE-0-2004-0984)
Vulnerability from cvelistv5 – Published: 2005-04-21 04:00 – Updated: 2024-08-08 00:38
VLAI
Summary
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://packages.debian.org/changelogs/pool/main/m… | x_refsource_CONFIRM |
Date Public
2004-11-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:37:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0984",
"datePublished": "2005-04-21T04:00:00.000Z",
"dateReserved": "2004-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:38:59.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18862 (GCVE-0-2019-18862)
Vulnerability from nvd – Published: 2019-11-11 15:49 – Updated: 2024-08-05 02:02
VLAI
Summary
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://git.savannah.gnu.org/cgit/mailutils.git/t… | x_refsource_MISC |
| http://packetstormsecurity.com/files/155425/GNU-M… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202006-12 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/155425/GNU-Mailutils-3.7-Privilege-Escalation.html"
},
{
"name": "GLSA-202006-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202006-12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-13T03:06:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/155425/GNU-Mailutils-3.7-Privilege-Escalation.html"
},
{
"name": "GLSA-202006-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202006-12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS",
"refsource": "MISC",
"url": "https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS"
},
{
"name": "http://packetstormsecurity.com/files/155425/GNU-Mailutils-3.7-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/155425/GNU-Mailutils-3.7-Privilege-Escalation.html"
},
{
"name": "GLSA-202006-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202006-12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18862",
"datePublished": "2019-11-11T15:49:12.000Z",
"dateReserved": "2019-11-11T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:02:39.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2878 (GCVE-0-2005-2878)
Vulnerability from nvd – Published: 2005-09-13 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://savannah.gnu.org/patch/index.php?func=deta… | x_refsource_CONFIRM |
| http://secunia.com/advisories/17020 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-20050… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/16783 | third-party-advisoryx_refsource_SECUNIA |
| http://www.idefense.com/application/poi/display?i… | third-party-advisoryx_refsource_IDEFENSE |
| http://www.rosiello.org/archivio/imap4d_FreeBSD_e… | x_refsource_MISC |
| http://www.debian.org/security/2005/dsa-841 | vendor-advisoryx_refsource_DEBIAN |
| http://marc.info/?l=bugtraq&m=112785181316043&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/14794 | vdb-entryx_refsource_BID |
Date Public
2005-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://savannah.gnu.org/patch/index.php?func=detailitem\u0026item_id=4407"
},
{
"name": "17020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17020"
},
{
"name": "GLSA-200509-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-10.xml"
},
{
"name": "16783",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16783"
},
{
"name": "20050909 GNU Mailutils 0.6 imap4d \u0027search\u0027 Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=303\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c"
},
{
"name": "DSA-841",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-841"
},
{
"name": "20050926 FreeBSD GNU Mailutils 0.6 imap4d exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112785181316043\u0026w=2"
},
{
"name": "14794",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14794"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://savannah.gnu.org/patch/index.php?func=detailitem\u0026item_id=4407"
},
{
"name": "17020",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17020"
},
{
"name": "GLSA-200509-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-10.xml"
},
{
"name": "16783",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16783"
},
{
"name": "20050909 GNU Mailutils 0.6 imap4d \u0027search\u0027 Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=303\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c"
},
{
"name": "DSA-841",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-841"
},
{
"name": "20050926 FreeBSD GNU Mailutils 0.6 imap4d exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112785181316043\u0026w=2"
},
{
"name": "14794",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14794"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://savannah.gnu.org/patch/index.php?func=detailitem\u0026item_id=4407",
"refsource": "CONFIRM",
"url": "http://savannah.gnu.org/patch/index.php?func=detailitem\u0026item_id=4407"
},
{
"name": "17020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17020"
},
{
"name": "GLSA-200509-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-10.xml"
},
{
"name": "16783",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16783"
},
{
"name": "20050909 GNU Mailutils 0.6 imap4d \u0027search\u0027 Format String Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=303\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c",
"refsource": "MISC",
"url": "http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c"
},
{
"name": "DSA-841",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-841"
},
{
"name": "20050926 FreeBSD GNU Mailutils 0.6 imap4d exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112785181316043\u0026w=2"
},
{
"name": "14794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14794"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2878",
"datePublished": "2005-09-13T04:00:00.000Z",
"dateReserved": "2005-09-13T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1824 (GCVE-0-2005-1824)
Vulnerability from nvd – Published: 2005-06-02 04:00 – Updated: 2024-08-07 22:06
VLAI
Summary
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-20050… | vendor-advisoryx_refsource_GENTOO |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031 | x_refsource_CONFIRM |
Date Public
2005-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200506-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the \"\\\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-08T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200506-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the \"\\\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200506-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1824",
"datePublished": "2005-06-02T04:00:00.000Z",
"dateReserved": "2005-06-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:06:57.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1521 (GCVE-0-2005-1521)
Vulnerability from nvd – Published: 2005-05-26 04:00 – Updated: 2024-08-07 21:51
VLAI
Summary
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014052 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/13763 | vdb-entryx_refsource_BID |
| http://www.idefense.com/application/poi/display?i… | third-party-advisoryx_refsource_IDEFENSE |
| http://secunia.com/advisories/15442 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2005/dsa-732 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13763",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13763"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=248\u0026type=vulnerabilities"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13763",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13763"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=248\u0026type=vulnerabilities"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-732"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014052",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13763"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d fetch_io Heap overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=248\u0026type=vulnerabilities"
},
{
"name": "15442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1521",
"datePublished": "2005-05-26T04:00:00.000Z",
"dateReserved": "2005-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:51:50.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1523 (GCVE-0-2005-1523)
Vulnerability from nvd – Published: 2005-05-26 04:00 – Updated: 2024-08-07 21:51
VLAI
Summary
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014052 | vdb-entryx_refsource_SECTRACK |
| http://www.idefense.com/application/poi/display?i… | third-party-advisoryx_refsource_IDEFENSE |
| http://secunia.com/advisories/15442 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2005/dsa-732 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/13764 | vdb-entryx_refsource_BID |
Date Public
2005-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=246\u0026type=vulnerabilities"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "13764",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d Format String Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=246\u0026type=vulnerabilities"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "13764",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014052",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d Format String Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=246\u0026type=vulnerabilities"
},
{
"name": "15442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "13764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1523",
"datePublished": "2005-05-26T04:00:00.000Z",
"dateReserved": "2005-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:51:50.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1522 (GCVE-0-2005-1522)
Vulnerability from nvd – Published: 2005-05-26 04:00 – Updated: 2024-08-07 21:51
VLAI
Summary
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.idefense.com/application/poi/display?i… | third-party-advisoryx_refsource_IDEFENSE |
| http://securitytracker.com/id?1014052 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/15442 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/13765 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2005/dsa-732 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2005-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050525 GNU Mailutils 0.6 imap4d FETCH Commad Resource Consumption DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=247\u0026type=vulnerabilities"
},
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "13765",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13765"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050525 GNU Mailutils 0.6 imap4d FETCH Commad Resource Consumption DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=247\u0026type=vulnerabilities"
},
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "13765",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13765"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-732"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050525 GNU Mailutils 0.6 imap4d FETCH Commad Resource Consumption DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=247\u0026type=vulnerabilities"
},
{
"name": "1014052",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "15442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15442"
},
{
"name": "13765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13765"
},
{
"name": "DSA-732",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1522",
"datePublished": "2005-05-26T04:00:00.000Z",
"dateReserved": "2005-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:51:50.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1520 (GCVE-0-2005-1520)
Vulnerability from nvd – Published: 2005-05-26 04:00 – Updated: 2024-08-07 21:51
VLAI
Summary
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014052 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/13766 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/15442 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2005/dsa-732 | vendor-advisoryx_refsource_DEBIAN |
| http://www.idefense.com/application/poi/display?i… | third-party-advisoryx_refsource_IDEFENSE |
Date Public
2005-05-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13766",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13766"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "20050525 GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=249\u0026type=vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014052",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13766",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13766"
},
{
"name": "15442",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "20050525 GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=249\u0026type=vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014052",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "13766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13766"
},
{
"name": "15442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "20050525 GNU Mailutils 0.6 mail header_get_field_name() Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=249\u0026type=vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1520",
"datePublished": "2005-05-26T04:00:00.000Z",
"dateReserved": "2005-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:51:50.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0984 (GCVE-0-2004-0984)
Vulnerability from nvd – Published: 2005-04-21 04:00 – Updated: 2024-08-08 00:38
VLAI
Summary
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://packages.debian.org/changelogs/pool/main/m… | x_refsource_CONFIRM |
Date Public
2004-11-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:37:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0984",
"datePublished": "2005-04-21T04:00:00.000Z",
"dateReserved": "2004-10-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:38:59.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}