Vulnerability-Lookup

CVE-2018-14355 (GCVE-0-2018-14355)

Vulnerability from cvelistv5 – Published: 2018-07-17 17:00 – Updated: 2024-08-05 09:29

Summary

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

8 references

URL	Tags
https://gitlab.com/muttmua/mutt/commit/31eef6c766…	x_refsource_MISC
https://usn.ubuntu.com/3719-3/	vendor-advisoryx_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4277	vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://github.com/neomutt/neomutt/commit/57971db…	x_refsource_MISC
https://security.gentoo.org/glsa/201810-07	vendor-advisoryx_refsource_GENTOO
http://www.mutt.org/news.html	x_refsource_MISC
https://neomutt.org/2018/07/16/release	x_refsource_MISC

Date Public

2018-07-17 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:29:50.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d"
          },
          {
            "name": "USN-3719-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3719-3/"
          },
          {
            "name": "DSA-4277",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4277"
          },
          {
            "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d"
          },
          {
            "name": "GLSA-201810-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-07"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.mutt.org/news.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neomutt.org/2018/07/16/release"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-07-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-31T09:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d"
        },
        {
          "name": "USN-3719-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3719-3/"
        },
        {
          "name": "DSA-4277",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4277"
        },
        {
          "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d"
        },
        {
          "name": "GLSA-201810-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-07"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.mutt.org/news.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neomutt.org/2018/07/16/release"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-14355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d",
              "refsource": "MISC",
              "url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d"
            },
            {
              "name": "USN-3719-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3719-3/"
            },
            {
              "name": "DSA-4277",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4277"
            },
            {
              "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
            },
            {
              "name": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d",
              "refsource": "MISC",
              "url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d"
            },
            {
              "name": "GLSA-201810-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-07"
            },
            {
              "name": "http://www.mutt.org/news.html",
              "refsource": "MISC",
              "url": "http://www.mutt.org/news.html"
            },
            {
              "name": "https://neomutt.org/2018/07/16/release",
              "refsource": "MISC",
              "url": "https://neomutt.org/2018/07/16/release"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-14355",
    "datePublished": "2018-07-17T17:00:00.000Z",
    "dateReserved": "2018-07-17T00:00:00.000Z",
    "dateUpdated": "2024-08-05T09:29:50.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-14355",
      "date": "2026-05-27",
      "epss": "0.00808",
      "percentile": "0.74425"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.10.1\", \"matchCriteriaId\": \"2FA2C3A6-423C-4BE5-8FA7-0241384D58D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"20180716\", \"matchCriteriaId\": \"1C15CCD1-1752-4913-9506-32035B52A513\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \\\"..\\\" directory traversal in a mailbox name.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. imap/util.c gestiona de manera incorrecta un salto de directorio \\\"..\\\" en un nombre de mailbox.\"}]",
      "id": "CVE-2018-14355",
      "lastModified": "2024-11-21T03:48:54.137",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-07-17T17:29:00.590",
      "references": "[{\"url\": \"http://www.mutt.org/news.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://neomutt.org/2018/07/16/release\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201810-07\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3719-3/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4277\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.mutt.org/news.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://neomutt.org/2018/07/16/release\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201810-07\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3719-3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4277\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-14355\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-07-17T17:29:00.590\",\"lastModified\":\"2024-11-21T03:48:54.137\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \\\"..\\\" directory traversal in a mailbox name.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en Mutt en versiones anteriores a la 1.10.1 y NeoMutt en versiones anteriores al 2018-07-16. imap/util.c gestiona de manera incorrecta un salto de directorio \\\"..\\\" en un nombre de mailbox.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10.1\",\"matchCriteriaId\":\"2FA2C3A6-423C-4BE5-8FA7-0241384D58D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"20180716\",\"matchCriteriaId\":\"1C15CCD1-1752-4913-9506-32035B52A513\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}]}]}],\"references\":[{\"url\":\"http://www.mutt.org/news.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://neomutt.org/2018/07/16/release\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201810-07\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3719-3/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4277\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mutt.org/news.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://neomutt.org/2018/07/16/release\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201810-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3719-3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4277\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

SUSE-SU-2018:2403-1

Vulnerability from csaf_suse - Published: 2018-08-17 06:54 - Updated: 2018-08-17 06:54

Summary

Security update for mutt

Severity

Important

Notes

Title of the patch: Security update for mutt

Description of the patch: This update for mutt fixes the following issues: Security issues fixed: - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). Bug fixes: - bsc#936807: On entering a 70 character subject line in mutt, a tab is added to the text after 67 characters.

Patchnames: sleposp3-mutt-13736,slessp3-mutt-13736,slessp4-mutt-13736

CVE-2018-14349

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14350

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14352

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14353

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14354

9.6 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2018-14355

5.4 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14356

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14357

7.1 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-14358

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14359

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14362

8.1 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Affected products

Recommended 17 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

78 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1101567	self
https://bugzilla.suse.com/1101570	self
https://bugzilla.suse.com/1101571	self
https://bugzilla.suse.com/1101573	self
https://bugzilla.suse.com/1101576	self
https://bugzilla.suse.com/1101577	self
https://bugzilla.suse.com/1101578	self
https://bugzilla.suse.com/1101581	self
https://bugzilla.suse.com/1101582	self
https://bugzilla.suse.com/1101588	self
https://bugzilla.suse.com/1101589	self
https://bugzilla.suse.com/936807	self
https://www.suse.com/security/cve/CVE-2018-14349/	self
https://www.suse.com/security/cve/CVE-2018-14350/	self
https://www.suse.com/security/cve/CVE-2018-14352/	self
https://www.suse.com/security/cve/CVE-2018-14353/	self
https://www.suse.com/security/cve/CVE-2018-14354/	self
https://www.suse.com/security/cve/CVE-2018-14355/	self
https://www.suse.com/security/cve/CVE-2018-14356/	self
https://www.suse.com/security/cve/CVE-2018-14357/	self
https://www.suse.com/security/cve/CVE-2018-14358/	self
https://www.suse.com/security/cve/CVE-2018-14359/	self
https://www.suse.com/security/cve/CVE-2018-14362/	self
https://www.suse.com/security/cve/CVE-2018-14349	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14350	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101588	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14352	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101582	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14353	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101581	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14354	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101578	external
https://bugzilla.suse.com/1101581	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14355	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101577	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14356	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101576	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14357	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101573	external
https://bugzilla.suse.com/1101581	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14358	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101571	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14359	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101570	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14362	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101567	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for mutt",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for mutt fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582).\n- CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581).\n- CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567).\n- CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578).\n- CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576).\n- CVE-2018-14355: Fix imap/util.c that mishandles \u0027..\u0027 directory traversal in a mailbox name (bsc#1101577).\n- CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589).\n- CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588).\n- CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573).\n- CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n- CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n\n\nBug fixes:\n\n- bsc#936807: On entering a 70 character subject line in mutt, a tab is added to the text after 67 characters.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sleposp3-mutt-13736,slessp3-mutt-13736,slessp4-mutt-13736",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2403-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2403-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182403-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2403-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004462.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101567",
        "url": "https://bugzilla.suse.com/1101567"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101570",
        "url": "https://bugzilla.suse.com/1101570"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101571",
        "url": "https://bugzilla.suse.com/1101571"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101573",
        "url": "https://bugzilla.suse.com/1101573"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101576",
        "url": "https://bugzilla.suse.com/1101576"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101577",
        "url": "https://bugzilla.suse.com/1101577"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101578",
        "url": "https://bugzilla.suse.com/1101578"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101581",
        "url": "https://bugzilla.suse.com/1101581"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101582",
        "url": "https://bugzilla.suse.com/1101582"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101588",
        "url": "https://bugzilla.suse.com/1101588"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101589",
        "url": "https://bugzilla.suse.com/1101589"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 936807",
        "url": "https://bugzilla.suse.com/936807"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14349 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14349/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14350 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14350/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14352 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14352/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14353 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14353/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14354 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14354/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14355 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14355/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14356 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14356/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14357 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14357/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14358 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14358/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14359 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14359/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14362 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14362/"
      }
    ],
    "title": "Security update for mutt",
    "tracking": {
      "current_release_date": "2018-08-17T06:54:36Z",
      "generator": {
        "date": "2018-08-17T06:54:36Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2403-1",
      "initial_release_date": "2018-08-17T06:54:36Z",
      "revision_history": [
        {
          "date": "2018-08-17T06:54:36Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mutt-1.5.17-42.43.1.i586",
                "product": {
                  "name": "mutt-1.5.17-42.43.1.i586",
                  "product_id": "mutt-1.5.17-42.43.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mutt-1.5.17-42.43.1.ia64",
                "product": {
                  "name": "mutt-1.5.17-42.43.1.ia64",
                  "product_id": "mutt-1.5.17-42.43.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mutt-1.5.17-42.43.1.ppc64",
                "product": {
                  "name": "mutt-1.5.17-42.43.1.ppc64",
                  "product_id": "mutt-1.5.17-42.43.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mutt-1.5.17-42.43.1.s390x",
                "product": {
                  "name": "mutt-1.5.17-42.43.1.s390x",
                  "product_id": "mutt-1.5.17-42.43.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mutt-1.5.17-42.43.1.x86_64",
                "product": {
                  "name": "mutt-1.5.17-42.43.1.x86_64",
                  "product_id": "mutt-1.5.17-42.43.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-pos:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles_ltss:11:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                  "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:11:sp3:teradata"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
          "product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586"
        },
        "product_reference": "mutt-1.5.17-42.43.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586"
        },
        "product_reference": "mutt-1.5.17-42.43.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x"
        },
        "product_reference": "mutt-1.5.17-42.43.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-LTSS",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64"
        },
        "product_reference": "mutt-1.5.17-42.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586"
        },
        "product_reference": "mutt-1.5.17-42.43.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x"
        },
        "product_reference": "mutt-1.5.17-42.43.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-TERADATA",
          "product_id": "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64"
        },
        "product_reference": "mutt-1.5.17-42.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-TERADATA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586"
        },
        "product_reference": "mutt-1.5.17-42.43.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64"
        },
        "product_reference": "mutt-1.5.17-42.43.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64"
        },
        "product_reference": "mutt-1.5.17-42.43.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x"
        },
        "product_reference": "mutt-1.5.17-42.43.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        },
        "product_reference": "mutt-1.5.17-42.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586"
        },
        "product_reference": "mutt-1.5.17-42.43.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64"
        },
        "product_reference": "mutt-1.5.17-42.43.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64"
        },
        "product_reference": "mutt-1.5.17-42.43.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x"
        },
        "product_reference": "mutt-1.5.17-42.43.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.5.17-42.43.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        },
        "product_reference": "mutt-1.5.17-42.43.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-14349",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14349"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14349",
          "url": "https://www.suse.com/security/cve/CVE-2018-14349"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14349",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14349",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14349",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T06:54:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14349"
    },
    {
      "cve": "CVE-2018-14350",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14350"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14350",
          "url": "https://www.suse.com/security/cve/CVE-2018-14350"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14350",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101588 for CVE-2018-14350",
          "url": "https://bugzilla.suse.com/1101588"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14350",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T06:54:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14350"
    },
    {
      "cve": "CVE-2018-14352",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14352"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14352",
          "url": "https://www.suse.com/security/cve/CVE-2018-14352"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14352",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101582 for CVE-2018-14352",
          "url": "https://bugzilla.suse.com/1101582"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14352",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T06:54:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14352"
    },
    {
      "cve": "CVE-2018-14353",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14353"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14353",
          "url": "https://www.suse.com/security/cve/CVE-2018-14353"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14353",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101581 for CVE-2018-14353",
          "url": "https://bugzilla.suse.com/1101581"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14353",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T06:54:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14353"
    },
    {
      "cve": "CVE-2018-14354",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14354"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14354",
          "url": "https://www.suse.com/security/cve/CVE-2018-14354"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14354",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101578 for CVE-2018-14354",
          "url": "https://bugzilla.suse.com/1101578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101581 for CVE-2018-14354",
          "url": "https://bugzilla.suse.com/1101581"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14354",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14354",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T06:54:36Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-14354"
    },
    {
      "cve": "CVE-2018-14355",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14355"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14355",
          "url": "https://www.suse.com/security/cve/CVE-2018-14355"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14355",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101577 for CVE-2018-14355",
          "url": "https://bugzilla.suse.com/1101577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14355",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T06:54:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14355"
    },
    {
      "cve": "CVE-2018-14356",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14356"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14356",
          "url": "https://www.suse.com/security/cve/CVE-2018-14356"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14356",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101576 for CVE-2018-14356",
          "url": "https://bugzilla.suse.com/1101576"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14356",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14356",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T06:54:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14356"
    },
    {
      "cve": "CVE-2018-14357",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14357"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14357",
          "url": "https://www.suse.com/security/cve/CVE-2018-14357"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14357",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101573 for CVE-2018-14357",
          "url": "https://bugzilla.suse.com/1101573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101581 for CVE-2018-14357",
          "url": "https://bugzilla.suse.com/1101581"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14357",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14357",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T06:54:36Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-14357"
    },
    {
      "cve": "CVE-2018-14358",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14358"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14358",
          "url": "https://www.suse.com/security/cve/CVE-2018-14358"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14358",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101571 for CVE-2018-14358",
          "url": "https://bugzilla.suse.com/1101571"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14358",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T06:54:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14358"
    },
    {
      "cve": "CVE-2018-14359",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14359"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14359",
          "url": "https://www.suse.com/security/cve/CVE-2018-14359"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14359",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101570 for CVE-2018-14359",
          "url": "https://bugzilla.suse.com/1101570"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14359",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14359",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T06:54:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14359"
    },
    {
      "cve": "CVE-2018-14362",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14362"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a \u0027/\u0027 character.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14362",
          "url": "https://www.suse.com/security/cve/CVE-2018-14362"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14362",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101567 for CVE-2018-14362",
          "url": "https://bugzilla.suse.com/1101567"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14362",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14362",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Point of Sale 11 SP3:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-LTSS:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP3-TERADATA:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:mutt-1.5.17-42.43.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:mutt-1.5.17-42.43.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-08-17T06:54:36Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14362"
    }
  ]
}

SUSE-SU-2019:1196-1

Vulnerability from csaf_suse - Published: 2019-05-09 06:14 - Updated: 2019-05-09 06:14

Summary

Security update for mutt

Severity

Important

Notes

Title of the patch: Security update for mutt

Description of the patch: This update for mutt fixes the following issues: Security issues fixed: - bsc#1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581). - CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567). - CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578). - CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582). - CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576). - CVE-2018-14355: Fix imap/util.c that mishandles '..' directory traversal in a mailbox name (bsc#1101577). - CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589). - CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588). - CVE-2018-14363: Fix newsrc.c that does not properlyrestrict '/' characters that may have unsafe interaction with cache pathnames (bsc#1101566). - CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570). - CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571). - CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569). - CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573). - CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568). Bug fixes: - mutt reports as neomutt and incorrect version (bsc#1094717) - No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517 (bsc#980830) - mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129) - (neo)mutt displaying times in Zulu time (bsc#1061343) - mutt unconditionally segfaults when displaying a message (bsc#986534)

Patchnames: SUSE-2019-1196,SUSE-SLE-DESKTOP-12-SP3-2019-1196,SUSE-SLE-SERVER-12-SP3-2019-1196

CVE-2014-9116

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14349

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14350

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14351

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-14352

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14353

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14354

9.6 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2018-14355

5.4 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14356

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14357

7.1 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2018-14358

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14359

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14360

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2018-14361

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact critical

CVE-2018-14362

8.1 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2018-14363

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 9 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64	—	Vendor Fix

Threats

Impact important

References

110 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1061343	self
https://bugzilla.suse.com/1094717	self
https://bugzilla.suse.com/1101428	self
https://bugzilla.suse.com/1101566	self
https://bugzilla.suse.com/1101567	self
https://bugzilla.suse.com/1101568	self
https://bugzilla.suse.com/1101569	self
https://bugzilla.suse.com/1101570	self
https://bugzilla.suse.com/1101571	self
https://bugzilla.suse.com/1101573	self
https://bugzilla.suse.com/1101576	self
https://bugzilla.suse.com/1101577	self
https://bugzilla.suse.com/1101578	self
https://bugzilla.suse.com/1101581	self
https://bugzilla.suse.com/1101582	self
https://bugzilla.suse.com/1101583	self
https://bugzilla.suse.com/1101588	self
https://bugzilla.suse.com/1101589	self
https://bugzilla.suse.com/980830	self
https://bugzilla.suse.com/982129	self
https://bugzilla.suse.com/986534	self
https://www.suse.com/security/cve/CVE-2014-9116/	self
https://www.suse.com/security/cve/CVE-2018-14349/	self
https://www.suse.com/security/cve/CVE-2018-14350/	self
https://www.suse.com/security/cve/CVE-2018-14351/	self
https://www.suse.com/security/cve/CVE-2018-14352/	self
https://www.suse.com/security/cve/CVE-2018-14353/	self
https://www.suse.com/security/cve/CVE-2018-14354/	self
https://www.suse.com/security/cve/CVE-2018-14355/	self
https://www.suse.com/security/cve/CVE-2018-14356/	self
https://www.suse.com/security/cve/CVE-2018-14357/	self
https://www.suse.com/security/cve/CVE-2018-14358/	self
https://www.suse.com/security/cve/CVE-2018-14359/	self
https://www.suse.com/security/cve/CVE-2018-14360/	self
https://www.suse.com/security/cve/CVE-2018-14361/	self
https://www.suse.com/security/cve/CVE-2018-14362/	self
https://www.suse.com/security/cve/CVE-2018-14363/	self
https://www.suse.com/security/cve/CVE-2014-9116	external
https://bugzilla.suse.com/907453	external
https://www.suse.com/security/cve/CVE-2018-14349	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14350	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101588	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14351	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101583	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14352	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101582	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14353	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101581	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14354	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101578	external
https://bugzilla.suse.com/1101581	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14355	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101577	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14356	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101576	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14357	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101573	external
https://bugzilla.suse.com/1101581	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14358	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101571	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14359	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101570	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14360	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101569	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14361	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101568	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14362	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101567	external
https://bugzilla.suse.com/1101589	external
https://bugzilla.suse.com/1101593	external
https://www.suse.com/security/cve/CVE-2018-14363	external
https://bugzilla.suse.com/1101428	external
https://bugzilla.suse.com/1101566	external
https://bugzilla.suse.com/1101593	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for mutt",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for mutt fixes the following issues:\n\nSecurity issues fixed:\n\n- bsc#1101428: Mutt 1.10.1 security release update.\n- CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583).\n- CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an integer underflow (bsc#1101581).\n- CVE-2018-14362: Fix pop.c that does not forbid characters that may have unsafe interaction with message-cache pathnames (bsc#1101567).\n- CVE-2018-14354: Fix arbitrary command execution from remote IMAP servers via backquote characters (bsc#1101578).\n- CVE-2018-14352: Fix imap_quote_string in imap/util.c that does not leave room for quote characters (bsc#1101582).\n- CVE-2018-14356: Fix pop.c that mishandles a zero-length UID (bsc#1101576).\n- CVE-2018-14355: Fix imap/util.c that mishandles \u0027..\u0027 directory traversal in a mailbox name (bsc#1101577).\n- CVE-2018-14349: Fix imap/command.c that mishandles a NO response without a message (bsc#1101589).\n- CVE-2018-14350: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along INTERNALDATE field (bsc#1101588).\n- CVE-2018-14363: Fix newsrc.c that does not properlyrestrict \u0027/\u0027 characters that may have unsafe interaction with cache pathnames (bsc#1101566).\n- CVE-2018-14359: Fix buffer overflow via base64 data (bsc#1101570).\n- CVE-2018-14358: Fix imap/message.c that has a stack-based buffer overflow for a FETCH response with along RFC822.SIZE field (bsc#1101571).\n- CVE-2018-14360: Fix nntp_add_group in newsrc.c that has a stack-based buffer overflow because of incorrect sscanf usage (bsc#1101569).\n- CVE-2018-14357: Fix that remote IMAP servers are allowed to execute arbitrary commands via backquote characters (bsc#1101573).\n- CVE-2018-14361: Fix that nntp.c proceeds even if memory allocation fails for messages data (bsc#1101568).\n\nBug fixes:\n\n- mutt reports as neomutt and incorrect version (bsc#1094717)\n- No sidebar available in mutt 1.6.1 from Tumbleweed snapshot 20160517 (bsc#980830)\n- mutt-1.6.1 unusable when built with --enable-sidebar (bsc#982129)\n- (neo)mutt displaying times in Zulu time (bsc#1061343)\n- mutt unconditionally segfaults when displaying a message (bsc#986534)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2019-1196,SUSE-SLE-DESKTOP-12-SP3-2019-1196,SUSE-SLE-SERVER-12-SP3-2019-1196",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1196-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:1196-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191196-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:1196-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005432.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1061343",
        "url": "https://bugzilla.suse.com/1061343"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1094717",
        "url": "https://bugzilla.suse.com/1094717"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101428",
        "url": "https://bugzilla.suse.com/1101428"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101566",
        "url": "https://bugzilla.suse.com/1101566"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101567",
        "url": "https://bugzilla.suse.com/1101567"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101568",
        "url": "https://bugzilla.suse.com/1101568"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101569",
        "url": "https://bugzilla.suse.com/1101569"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101570",
        "url": "https://bugzilla.suse.com/1101570"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101571",
        "url": "https://bugzilla.suse.com/1101571"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101573",
        "url": "https://bugzilla.suse.com/1101573"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101576",
        "url": "https://bugzilla.suse.com/1101576"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101577",
        "url": "https://bugzilla.suse.com/1101577"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101578",
        "url": "https://bugzilla.suse.com/1101578"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101581",
        "url": "https://bugzilla.suse.com/1101581"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101582",
        "url": "https://bugzilla.suse.com/1101582"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101583",
        "url": "https://bugzilla.suse.com/1101583"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101588",
        "url": "https://bugzilla.suse.com/1101588"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1101589",
        "url": "https://bugzilla.suse.com/1101589"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 980830",
        "url": "https://bugzilla.suse.com/980830"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 982129",
        "url": "https://bugzilla.suse.com/982129"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 986534",
        "url": "https://bugzilla.suse.com/986534"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-9116 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-9116/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14349 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14349/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14350 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14350/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14351 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14351/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14352 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14352/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14353 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14353/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14354 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14354/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14355 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14355/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14356 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14356/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14357 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14357/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14358 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14358/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14359 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14359/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14360 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14360/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14361 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14361/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14362 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14362/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-14363 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-14363/"
      }
    ],
    "title": "Security update for mutt",
    "tracking": {
      "current_release_date": "2019-05-09T06:14:33Z",
      "generator": {
        "date": "2019-05-09T06:14:33Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:1196-1",
      "initial_release_date": "2019-05-09T06:14:33Z",
      "revision_history": [
        {
          "date": "2019-05-09T06:14:33Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mutt-1.10.1-55.6.1.aarch64",
                "product": {
                  "name": "mutt-1.10.1-55.6.1.aarch64",
                  "product_id": "mutt-1.10.1-55.6.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mutt-1.10.1-55.6.1.ppc64le",
                "product": {
                  "name": "mutt-1.10.1-55.6.1.ppc64le",
                  "product_id": "mutt-1.10.1-55.6.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mutt-1.10.1-55.6.1.s390x",
                "product": {
                  "name": "mutt-1.10.1-55.6.1.s390x",
                  "product_id": "mutt-1.10.1-55.6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mutt-1.10.1-55.6.1.x86_64",
                "product": {
                  "name": "mutt-1.10.1-55.6.1.x86_64",
                  "product_id": "mutt-1.10.1-55.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12 SP3",
                  "product_id": "SUSE Linux Enterprise Desktop 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.10.1-55.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
          "product_id": "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        },
        "product_reference": "mutt-1.10.1-55.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.10.1-55.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64"
        },
        "product_reference": "mutt-1.10.1-55.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.10.1-55.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le"
        },
        "product_reference": "mutt-1.10.1-55.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.10.1-55.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x"
        },
        "product_reference": "mutt-1.10.1-55.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.10.1-55.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
          "product_id": "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        },
        "product_reference": "mutt-1.10.1-55.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.10.1-55.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64"
        },
        "product_reference": "mutt-1.10.1-55.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.10.1-55.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le"
        },
        "product_reference": "mutt-1.10.1-55.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.10.1-55.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x"
        },
        "product_reference": "mutt-1.10.1-55.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mutt-1.10.1-55.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        },
        "product_reference": "mutt-1.10.1-55.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-9116",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-9116"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header with an empty body, which triggers a heap-based buffer overflow in the mutt_substrdup function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-9116",
          "url": "https://www.suse.com/security/cve/CVE-2014-9116"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 907453 for CVE-2014-9116",
          "url": "https://bugzilla.suse.com/907453"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-9116"
    },
    {
      "cve": "CVE-2018-14349",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14349"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14349",
          "url": "https://www.suse.com/security/cve/CVE-2018-14349"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14349",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14349",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14349",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14349"
    },
    {
      "cve": "CVE-2018-14350",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14350"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14350",
          "url": "https://www.suse.com/security/cve/CVE-2018-14350"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14350",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101588 for CVE-2018-14350",
          "url": "https://bugzilla.suse.com/1101588"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14350",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14350"
    },
    {
      "cve": "CVE-2018-14351",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14351"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14351",
          "url": "https://www.suse.com/security/cve/CVE-2018-14351"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14351",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101583 for CVE-2018-14351",
          "url": "https://bugzilla.suse.com/1101583"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14351",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-14351"
    },
    {
      "cve": "CVE-2018-14352",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14352"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14352",
          "url": "https://www.suse.com/security/cve/CVE-2018-14352"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14352",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101582 for CVE-2018-14352",
          "url": "https://bugzilla.suse.com/1101582"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14352",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14352"
    },
    {
      "cve": "CVE-2018-14353",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14353"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14353",
          "url": "https://www.suse.com/security/cve/CVE-2018-14353"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14353",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101581 for CVE-2018-14353",
          "url": "https://bugzilla.suse.com/1101581"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14353",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14353"
    },
    {
      "cve": "CVE-2018-14354",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14354"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14354",
          "url": "https://www.suse.com/security/cve/CVE-2018-14354"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14354",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101578 for CVE-2018-14354",
          "url": "https://bugzilla.suse.com/1101578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101581 for CVE-2018-14354",
          "url": "https://bugzilla.suse.com/1101581"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14354",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14354",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-14354"
    },
    {
      "cve": "CVE-2018-14355",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14355"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14355",
          "url": "https://www.suse.com/security/cve/CVE-2018-14355"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14355",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101577 for CVE-2018-14355",
          "url": "https://bugzilla.suse.com/1101577"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14355",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14355"
    },
    {
      "cve": "CVE-2018-14356",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14356"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14356",
          "url": "https://www.suse.com/security/cve/CVE-2018-14356"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14356",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101576 for CVE-2018-14356",
          "url": "https://bugzilla.suse.com/1101576"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14356",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14356",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14356"
    },
    {
      "cve": "CVE-2018-14357",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14357"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14357",
          "url": "https://www.suse.com/security/cve/CVE-2018-14357"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14357",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101573 for CVE-2018-14357",
          "url": "https://bugzilla.suse.com/1101573"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101581 for CVE-2018-14357",
          "url": "https://bugzilla.suse.com/1101581"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14357",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14357",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-14357"
    },
    {
      "cve": "CVE-2018-14358",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14358"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14358",
          "url": "https://www.suse.com/security/cve/CVE-2018-14358"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14358",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101571 for CVE-2018-14358",
          "url": "https://bugzilla.suse.com/1101571"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14358",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14358"
    },
    {
      "cve": "CVE-2018-14359",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14359"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14359",
          "url": "https://www.suse.com/security/cve/CVE-2018-14359"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14359",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101570 for CVE-2018-14359",
          "url": "https://bugzilla.suse.com/1101570"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14359",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14359",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14359"
    },
    {
      "cve": "CVE-2018-14360",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14360"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14360",
          "url": "https://www.suse.com/security/cve/CVE-2018-14360"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14360",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101569 for CVE-2018-14360",
          "url": "https://bugzilla.suse.com/1101569"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14360",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-14360"
    },
    {
      "cve": "CVE-2018-14361",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14361"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14361",
          "url": "https://www.suse.com/security/cve/CVE-2018-14361"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14361",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101568 for CVE-2018-14361",
          "url": "https://bugzilla.suse.com/1101568"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14361",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2018-14361"
    },
    {
      "cve": "CVE-2018-14362",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14362"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a \u0027/\u0027 character.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14362",
          "url": "https://www.suse.com/security/cve/CVE-2018-14362"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14362",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101567 for CVE-2018-14362",
          "url": "https://bugzilla.suse.com/1101567"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101589 for CVE-2018-14362",
          "url": "https://bugzilla.suse.com/1101589"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14362",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-14362"
    },
    {
      "cve": "CVE-2018-14363",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-14363"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict \u0027/\u0027 characters that may have unsafe interaction with cache pathnames.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-14363",
          "url": "https://www.suse.com/security/cve/CVE-2018-14363"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101428 for CVE-2018-14363",
          "url": "https://bugzilla.suse.com/1101428"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101566 for CVE-2018-14363",
          "url": "https://bugzilla.suse.com/1101566"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1101593 for CVE-2018-14363",
          "url": "https://bugzilla.suse.com/1101593"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Desktop 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server 12 SP3:mutt-1.10.1-55.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP3:mutt-1.10.1-55.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-05-09T06:14:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-14363"
    }
  ]
}

WID-SEC-W-2025-0102

Vulnerability from csaf_certbund - Published: 2018-07-29 22:00 - Updated: 2025-01-15 23:00

Summary

mutt: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Mutt ist ein textbasiertes E-Mail-Programm für Unix und andere Unix-artige Betriebssysteme.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in mutt ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen, Angriffe mit nicht näher spezifizierten Auswirkungen oder einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux

CVE-2018-14349

In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Pufferüberlauf Schwächen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder "Directory Traversal" Angriff oder möglicherweise zur Ausführung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich.

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14350

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14351

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14352

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14353

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14354

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14355

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14356

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14357

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14358

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14359

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14360

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14361

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14362

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

CVE-2018-14363

Affected products

Known affected 6 products

Product	Identifier	Version
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source mutt <=1.10.1 Open Source / mutt		<=1.10.1

References

11 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/de-de/support/update/announc…	external
https://www.suse.com/support/update/announcement/…	external
https://www.debian.org/security/2018/dsa-4277	external
http://linux.oracle.com/errata/ELSA-2018-2526.html	external
http://rhn.redhat.com/errata/RHSA-2018-2526.html	external
https://www.suse.com/support/update/announcement/…	external
https://access.redhat.com/errata/RHSA-2020:1126	external
https://ubuntu.com/security/notices/USN-7204-1	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Mutt ist ein textbasiertes E-Mail-Programm f\u00fcr Unix und andere Unix-artige Betriebssysteme.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in mutt ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuf\u00fchren, Angriffe mit nicht n\u00e4her spezifizierten Auswirkungen oder einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0102 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2025-0102.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0102 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0102"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:2085-1 vom 2018-07-29",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182085-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update  \tSUSE-SU-2018:2084-1 vom 2018-07-29",
        "url": "https://www.suse.com/de-de/support/update/announcement/2018/suse-su-20182084-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:2403-1 vom 2018-08-18",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182403-1.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4277 vom 2018-08-18",
        "url": "https://www.debian.org/security/2018/dsa-4277"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2018-2526 vom 2018-08-20",
        "url": "http://linux.oracle.com/errata/ELSA-2018-2526.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2018:2526 vom 2018-08-20",
        "url": "http://rhn.redhat.com/errata/RHSA-2018-2526.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1196-1 vom 2019-05-09",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191196-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:1126 vom 2020-03-31",
        "url": "https://access.redhat.com/errata/RHSA-2020:1126"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7204-1 vom 2025-01-15",
        "url": "https://ubuntu.com/security/notices/USN-7204-1"
      }
    ],
    "source_lang": "en-US",
    "title": "mutt: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-15T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-16T09:22:25.007+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2025-0102",
      "initial_release_date": "2018-07-29T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2018-07-29T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2018-07-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-08-19T22:00:00.000+00:00",
          "number": "3",
          "summary": "New remediations available"
        },
        {
          "date": "2018-08-20T22:00:00.000+00:00",
          "number": "4",
          "summary": "New remediations available"
        },
        {
          "date": "2018-08-20T22:00:00.000+00:00",
          "number": "5",
          "summary": "New remediations available"
        },
        {
          "date": "2018-10-30T23:00:00.000+00:00",
          "number": "6",
          "summary": "Added references"
        },
        {
          "date": "2019-05-09T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2020-03-31T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-01-15T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=1.10.1",
                "product": {
                  "name": "Open Source mutt \u003c=1.10.1",
                  "product_id": "T012560"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=1.10.1",
                "product": {
                  "name": "Open Source mutt \u003c=1.10.1",
                  "product_id": "T012560-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "mutt"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-14349",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14349"
    },
    {
      "cve": "CVE-2018-14350",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14350"
    },
    {
      "cve": "CVE-2018-14351",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14351"
    },
    {
      "cve": "CVE-2018-14352",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14352"
    },
    {
      "cve": "CVE-2018-14353",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14353"
    },
    {
      "cve": "CVE-2018-14354",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14354"
    },
    {
      "cve": "CVE-2018-14355",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14355"
    },
    {
      "cve": "CVE-2018-14356",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14356"
    },
    {
      "cve": "CVE-2018-14357",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14357"
    },
    {
      "cve": "CVE-2018-14358",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14358"
    },
    {
      "cve": "CVE-2018-14359",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14359"
    },
    {
      "cve": "CVE-2018-14360",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14360"
    },
    {
      "cve": "CVE-2018-14361",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14361"
    },
    {
      "cve": "CVE-2018-14362",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14362"
    },
    {
      "cve": "CVE-2018-14363",
      "notes": [
        {
          "category": "description",
          "text": "In mutt Linux existieren mehrere Schwachstellen. Diese basieren auf Puffer\u00fcberlauf Schw\u00e4chen oder Fehlern bei der Verarbeitung von Eingaben. Ein Angreifer kann dieses zu einem Denial of Service oder \"Directory Traversal\" Angriff oder m\u00f6glicherweise zur Ausf\u00fchrung von Code mit den Privilegien des angegriffenen Benutzers oder Dienstes nutzen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T004914",
          "T012560"
        ]
      },
      "release_date": "2018-07-29T22:00:00.000+00:00",
      "title": "CVE-2018-14363"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-14355 (GCVE-0-2018-14355)

SUSE-SU-2018:2403-1

SUSE-SU-2019:1196-1

WID-SEC-W-2025-0102

Tags

Sightings

Nomenclature