Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
mutt-2.0.7-2.2 on GA media
Notes
Title of the patch
mutt-2.0.7-2.2 on GA media
Description of the patch
These are all security issues fixed in the mutt-2.0.7-2.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11069
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "mutt-2.0.7-2.2 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the mutt-2.0.7-2.2 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11069", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11069-1.json", }, { category: "self", summary: "SUSE CVE CVE-2007-1558 page", url: "https://www.suse.com/security/cve/CVE-2007-1558/", }, { category: "self", summary: "SUSE CVE CVE-2018-14349 page", url: "https://www.suse.com/security/cve/CVE-2018-14349/", }, { category: "self", summary: "SUSE CVE CVE-2018-14350 page", url: "https://www.suse.com/security/cve/CVE-2018-14350/", }, { category: "self", summary: "SUSE CVE CVE-2018-14351 page", url: "https://www.suse.com/security/cve/CVE-2018-14351/", }, { category: "self", summary: "SUSE CVE CVE-2018-14352 page", url: "https://www.suse.com/security/cve/CVE-2018-14352/", }, { category: "self", summary: "SUSE CVE CVE-2018-14353 page", url: "https://www.suse.com/security/cve/CVE-2018-14353/", }, { category: "self", summary: "SUSE CVE CVE-2018-14354 page", url: "https://www.suse.com/security/cve/CVE-2018-14354/", }, { category: "self", summary: "SUSE CVE CVE-2018-14355 page", url: "https://www.suse.com/security/cve/CVE-2018-14355/", }, { category: "self", summary: "SUSE CVE CVE-2018-14356 page", url: "https://www.suse.com/security/cve/CVE-2018-14356/", }, { category: "self", summary: "SUSE CVE CVE-2018-14357 page", url: "https://www.suse.com/security/cve/CVE-2018-14357/", }, { category: "self", summary: "SUSE CVE CVE-2018-14358 page", url: "https://www.suse.com/security/cve/CVE-2018-14358/", }, { category: "self", summary: "SUSE CVE CVE-2018-14359 page", url: "https://www.suse.com/security/cve/CVE-2018-14359/", }, { category: "self", summary: "SUSE CVE CVE-2018-14360 page", url: "https://www.suse.com/security/cve/CVE-2018-14360/", }, { category: "self", summary: "SUSE CVE CVE-2018-14361 page", url: "https://www.suse.com/security/cve/CVE-2018-14361/", }, { category: "self", summary: "SUSE CVE CVE-2018-14362 page", url: "https://www.suse.com/security/cve/CVE-2018-14362/", }, { category: "self", summary: "SUSE CVE CVE-2018-14363 page", url: "https://www.suse.com/security/cve/CVE-2018-14363/", }, { category: "self", summary: "SUSE CVE CVE-2020-14093 page", url: "https://www.suse.com/security/cve/CVE-2020-14093/", }, { category: "self", summary: "SUSE CVE CVE-2020-14954 page", url: "https://www.suse.com/security/cve/CVE-2020-14954/", }, { category: "self", summary: "SUSE CVE CVE-2020-28896 page", url: "https://www.suse.com/security/cve/CVE-2020-28896/", }, { category: "self", summary: "SUSE CVE CVE-2021-3181 page", url: "https://www.suse.com/security/cve/CVE-2021-3181/", }, { category: "self", summary: "SUSE CVE CVE-2021-32055 page", url: "https://www.suse.com/security/cve/CVE-2021-32055/", }, ], title: "mutt-2.0.7-2.2 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11069-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "mutt-2.0.7-2.2.aarch64", product: { name: "mutt-2.0.7-2.2.aarch64", product_id: "mutt-2.0.7-2.2.aarch64", }, }, { category: "product_version", name: "mutt-doc-2.0.7-2.2.aarch64", product: { name: "mutt-doc-2.0.7-2.2.aarch64", product_id: "mutt-doc-2.0.7-2.2.aarch64", }, }, { category: "product_version", name: "mutt-lang-2.0.7-2.2.aarch64", product: { name: "mutt-lang-2.0.7-2.2.aarch64", product_id: "mutt-lang-2.0.7-2.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "mutt-2.0.7-2.2.ppc64le", product: { name: "mutt-2.0.7-2.2.ppc64le", product_id: "mutt-2.0.7-2.2.ppc64le", }, }, { category: "product_version", name: "mutt-doc-2.0.7-2.2.ppc64le", product: { name: "mutt-doc-2.0.7-2.2.ppc64le", product_id: "mutt-doc-2.0.7-2.2.ppc64le", }, }, { category: "product_version", name: "mutt-lang-2.0.7-2.2.ppc64le", product: { name: "mutt-lang-2.0.7-2.2.ppc64le", product_id: "mutt-lang-2.0.7-2.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "mutt-2.0.7-2.2.s390x", product: { name: "mutt-2.0.7-2.2.s390x", product_id: "mutt-2.0.7-2.2.s390x", }, }, { category: "product_version", name: "mutt-doc-2.0.7-2.2.s390x", product: { name: "mutt-doc-2.0.7-2.2.s390x", product_id: "mutt-doc-2.0.7-2.2.s390x", }, }, { category: "product_version", name: "mutt-lang-2.0.7-2.2.s390x", product: { name: "mutt-lang-2.0.7-2.2.s390x", product_id: "mutt-lang-2.0.7-2.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "mutt-2.0.7-2.2.x86_64", product: { name: "mutt-2.0.7-2.2.x86_64", product_id: "mutt-2.0.7-2.2.x86_64", }, }, { category: "product_version", name: "mutt-doc-2.0.7-2.2.x86_64", product: { name: "mutt-doc-2.0.7-2.2.x86_64", product_id: "mutt-doc-2.0.7-2.2.x86_64", }, }, { category: "product_version", name: "mutt-lang-2.0.7-2.2.x86_64", product: { name: "mutt-lang-2.0.7-2.2.x86_64", product_id: "mutt-lang-2.0.7-2.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "mutt-2.0.7-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", }, product_reference: "mutt-2.0.7-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "mutt-2.0.7-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", }, product_reference: "mutt-2.0.7-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "mutt-2.0.7-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", }, product_reference: "mutt-2.0.7-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "mutt-2.0.7-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", }, product_reference: "mutt-2.0.7-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "mutt-doc-2.0.7-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", }, product_reference: "mutt-doc-2.0.7-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "mutt-doc-2.0.7-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", }, product_reference: "mutt-doc-2.0.7-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "mutt-doc-2.0.7-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", }, product_reference: "mutt-doc-2.0.7-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "mutt-doc-2.0.7-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", }, product_reference: "mutt-doc-2.0.7-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "mutt-lang-2.0.7-2.2.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", }, product_reference: "mutt-lang-2.0.7-2.2.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "mutt-lang-2.0.7-2.2.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", }, product_reference: "mutt-lang-2.0.7-2.2.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "mutt-lang-2.0.7-2.2.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", }, product_reference: "mutt-lang-2.0.7-2.2.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "mutt-lang-2.0.7-2.2.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", }, product_reference: "mutt-lang-2.0.7-2.2.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2007-1558", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2007-1558", }, ], notes: [ { category: "general", text: "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2007-1558", url: "https://www.suse.com/security/cve/CVE-2007-1558", }, { category: "external", summary: "SUSE Bug 262450 for CVE-2007-1558", url: "https://bugzilla.suse.com/262450", }, { category: "external", summary: "SUSE Bug 271197 for CVE-2007-1558", url: "https://bugzilla.suse.com/271197", }, { category: "external", summary: "SUSE Bug 279843 for CVE-2007-1558", url: "https://bugzilla.suse.com/279843", }, { category: "external", summary: "SUSE Bug 281321 for CVE-2007-1558", url: "https://bugzilla.suse.com/281321", }, { category: "external", summary: "SUSE Bug 281323 for CVE-2007-1558", url: "https://bugzilla.suse.com/281323", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2007-1558", }, { cve: "CVE-2018-14349", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14349", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14349", url: "https://www.suse.com/security/cve/CVE-2018-14349", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14349", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101589 for CVE-2018-14349", url: "https://bugzilla.suse.com/1101589", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14349", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14349", }, { cve: "CVE-2018-14350", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14350", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14350", url: "https://www.suse.com/security/cve/CVE-2018-14350", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14350", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101588 for CVE-2018-14350", url: "https://bugzilla.suse.com/1101588", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14350", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14350", }, { cve: "CVE-2018-14351", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14351", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14351", url: "https://www.suse.com/security/cve/CVE-2018-14351", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14351", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101583 for CVE-2018-14351", url: "https://bugzilla.suse.com/1101583", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14351", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-14351", }, { cve: "CVE-2018-14352", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14352", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14352", url: "https://www.suse.com/security/cve/CVE-2018-14352", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14352", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101582 for CVE-2018-14352", url: "https://bugzilla.suse.com/1101582", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14352", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14352", }, { cve: "CVE-2018-14353", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14353", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14353", url: "https://www.suse.com/security/cve/CVE-2018-14353", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14353", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101581 for CVE-2018-14353", url: "https://bugzilla.suse.com/1101581", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14353", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14353", }, { cve: "CVE-2018-14354", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14354", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14354", url: "https://www.suse.com/security/cve/CVE-2018-14354", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14354", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101578 for CVE-2018-14354", url: "https://bugzilla.suse.com/1101578", }, { category: "external", summary: "SUSE Bug 1101581 for CVE-2018-14354", url: "https://bugzilla.suse.com/1101581", }, { category: "external", summary: "SUSE Bug 1101589 for CVE-2018-14354", url: "https://bugzilla.suse.com/1101589", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14354", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.6, baseSeverity: "CRITICAL", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2018-14354", }, { cve: "CVE-2018-14355", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14355", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14355", url: "https://www.suse.com/security/cve/CVE-2018-14355", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14355", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101577 for CVE-2018-14355", url: "https://bugzilla.suse.com/1101577", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14355", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14355", }, { cve: "CVE-2018-14356", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14356", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14356", url: "https://www.suse.com/security/cve/CVE-2018-14356", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14356", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101576 for CVE-2018-14356", url: "https://bugzilla.suse.com/1101576", }, { category: "external", summary: "SUSE Bug 1101589 for CVE-2018-14356", url: "https://bugzilla.suse.com/1101589", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14356", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14356", }, { cve: "CVE-2018-14357", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14357", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14357", url: "https://www.suse.com/security/cve/CVE-2018-14357", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14357", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101573 for CVE-2018-14357", url: "https://bugzilla.suse.com/1101573", }, { category: "external", summary: "SUSE Bug 1101581 for CVE-2018-14357", url: "https://bugzilla.suse.com/1101581", }, { category: "external", summary: "SUSE Bug 1101589 for CVE-2018-14357", url: "https://bugzilla.suse.com/1101589", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14357", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-14357", }, { cve: "CVE-2018-14358", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14358", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14358", url: "https://www.suse.com/security/cve/CVE-2018-14358", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14358", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101571 for CVE-2018-14358", url: "https://bugzilla.suse.com/1101571", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14358", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14358", }, { cve: "CVE-2018-14359", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14359", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14359", url: "https://www.suse.com/security/cve/CVE-2018-14359", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14359", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101570 for CVE-2018-14359", url: "https://bugzilla.suse.com/1101570", }, { category: "external", summary: "SUSE Bug 1101589 for CVE-2018-14359", url: "https://bugzilla.suse.com/1101589", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14359", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14359", }, { cve: "CVE-2018-14360", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14360", }, ], notes: [ { category: "general", text: "An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14360", url: "https://www.suse.com/security/cve/CVE-2018-14360", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14360", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101569 for CVE-2018-14360", url: "https://bugzilla.suse.com/1101569", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14360", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2018-14360", }, { cve: "CVE-2018-14361", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14361", }, ], notes: [ { category: "general", text: "An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14361", url: "https://www.suse.com/security/cve/CVE-2018-14361", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14361", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101568 for CVE-2018-14361", url: "https://bugzilla.suse.com/1101568", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14361", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "critical", }, ], title: "CVE-2018-14361", }, { cve: "CVE-2018-14362", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14362", }, ], notes: [ { category: "general", text: "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14362", url: "https://www.suse.com/security/cve/CVE-2018-14362", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14362", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101567 for CVE-2018-14362", url: "https://bugzilla.suse.com/1101567", }, { category: "external", summary: "SUSE Bug 1101589 for CVE-2018-14362", url: "https://bugzilla.suse.com/1101589", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14362", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2018-14362", }, { cve: "CVE-2018-14363", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-14363", }, ], notes: [ { category: "general", text: "An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-14363", url: "https://www.suse.com/security/cve/CVE-2018-14363", }, { category: "external", summary: "SUSE Bug 1101428 for CVE-2018-14363", url: "https://bugzilla.suse.com/1101428", }, { category: "external", summary: "SUSE Bug 1101566 for CVE-2018-14363", url: "https://bugzilla.suse.com/1101566", }, { category: "external", summary: "SUSE Bug 1101593 for CVE-2018-14363", url: "https://bugzilla.suse.com/1101593", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2018-14363", }, { cve: "CVE-2020-14093", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14093", }, ], notes: [ { category: "general", text: "Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14093", url: "https://www.suse.com/security/cve/CVE-2020-14093", }, { category: "external", summary: "SUSE Bug 1172906 for CVE-2020-14093", url: "https://bugzilla.suse.com/1172906", }, { category: "external", summary: "SUSE Bug 1172935 for CVE-2020-14093", url: "https://bugzilla.suse.com/1172935", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-14093", }, { cve: "CVE-2020-14954", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-14954", }, ], notes: [ { category: "general", text: "Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-14954", url: "https://www.suse.com/security/cve/CVE-2020-14954", }, { category: "external", summary: "SUSE Bug 1173197 for CVE-2020-14954", url: "https://bugzilla.suse.com/1173197", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2020-14954", }, { cve: "CVE-2020-28896", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-28896", }, ], notes: [ { category: "general", text: "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2020-28896", url: "https://www.suse.com/security/cve/CVE-2020-28896", }, { category: "external", summary: "SUSE Bug 1179035 for CVE-2020-28896", url: "https://bugzilla.suse.com/1179035", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2020-28896", }, { cve: "CVE-2021-3181", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-3181", }, ], notes: [ { category: "general", text: "rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-3181", url: "https://www.suse.com/security/cve/CVE-2021-3181", }, { category: "external", summary: "SUSE Bug 1181221 for CVE-2021-3181", url: "https://bugzilla.suse.com/1181221", }, { category: "external", summary: "SUSE Bug 1181505 for CVE-2021-3181", url: "https://bugzilla.suse.com/1181505", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-3181", }, { cve: "CVE-2021-32055", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-32055", }, ], notes: [ { category: "general", text: "Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-32055", url: "https://www.suse.com/security/cve/CVE-2021-32055", }, { category: "external", summary: "SUSE Bug 1185705 for CVE-2021-32055", url: "https://bugzilla.suse.com/1185705", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x", "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2021-32055", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.