Lucene search
K

373 matches found

ArchLinux
ArchLinux
added 2020/11/26 12:0 a.m.138 views

[ASA-202011-24] neomutt: silent downgrade

Arch Linux Security Advisory ASA-202011-24 ========================================== Severity: High Date : 2020-11-26 CVE-ID : CVE-2020-28896 Package : neomutt Type : silent downgrade Remote : Yes Link : https://security.archlinux.org/AVG-1289 Summary ======= The package neomutt before version...

5.3CVSS0.5AI score0.02323EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2020/11/23 7:51 p.m.29 views

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

5.3CVSS2.3AI score0.02323EPSS
Exploits0References3
OSV
OSV
added 2020/11/23 7:15 p.m.29 views

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

5.3CVSS6.9AI score
Exploits0References6
NVD
NVD
added 2020/11/23 7:15 p.m.14 views

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

5.3CVSS5.8AI score0.02323EPSS
Exploits0References6
OSV
OSV
added 2020/11/23 7:15 p.m.4 views

UBUNTU-CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

5.3CVSS5.8AI score0.02323EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2020/11/23 7:15 p.m.27 views

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

5.3CVSS6.1AI score0.02323EPSS
Exploits0References5
Prion
Prion
added 2020/11/23 7:15 p.m.29 views

Authentication flaw

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

2.6CVSS5.3AI score0.02323EPSS
Exploits0References6Affected Software3
Cvelist
Cvelist
added 2020/11/23 6:52 p.m.18 views

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

5.7AI score0.02323EPSS
Exploits0References6
CVE
CVE
added 2020/11/23 6:52 p.m.308 views

CVE-2020-28896

CVE-2020-28896 affects Mutt and NeoMutt where, during IMAP initial responses, the client did not properly consult $ssl_force_tls and/or close the connection, allowing potential exposure of authentication credentials to an unencrypted channel or a Man‑in‑the‑Middle. The issue occurs in Mutt up to ...

5.3CVSS5.6AI score0.02323EPSS
Exploits0References6Affected Software2
AlpineLinux
AlpineLinux
added 2020/11/23 6:52 p.m.35 views

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

5.3CVSS5.9AI score0.02323EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/11/23 6:52 p.m.28 views

CVE-2020-28896

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

5.3CVSS6AI score0.02323EPSS
Exploits0
CNNVD
CNNVD
added 2020/11/23 12:0 a.m.7 views

Mutt and NeoMutt Security Vulnerabilities

Mutt is a text-based mail client for Unix-like systems by Michael Elkins, the personal developer of NeoMutt, a command-line mail reader. A security vulnerability exists in Mutt versions prior to 2.0.2 and NeoMutt versions prior to 2020-11-20, which stems from a failure to ensure that $ssl force t...

5.3CVSS6.2AI score0.02323EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.4 views

PT-2020-6267 · Neomutt +9 · Neomutt +9

Name of the Vulnerable Software and Affected Versions: Mutt versions prior to 2.0.2 NeoMutt versions prior to 2020-11-20 Description: The issue is related to insufficient protection of registration data, which could allow a remote attacker to access confidential data. If an IMAP server's initial...

9.8CVSS6.7AI score0.06229EPSS
Exploits3References171
Tenable Nessus
Tenable Nessus
added 2020/09/28 12:0 a.m.32 views

EulerOS 2.0 SP3 : mutt (EulerOS-SA-2020-2109)

According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.CVE-2020-14093 - Mutt before 1.14.4 and NeoMutt befo...

5.9CVSS6.3AI score0.02288EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/07/30 12:0 a.m.29 views

GLSA-202007-57 : Mutt, Neomutt: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202007-57 Mutt, Neomutt: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mutt and Neomutt. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE...

5.9CVSS6.2AI score0.02288EPSS
Exploits0References4
Gentoo Linux
Gentoo Linux
added 2020/07/28 12:0 a.m.34 views

Mutt, Neomutt: Multiple vulnerabilities

Background Mutt is a small but very powerful text-based mail client. NeoMutt is a command line mail reader or MUA. It’s a fork of Mutt with added features. Description Multiple vulnerabilities have been discovered in Mutt and Neomutt. Please review the CVE identifiers referenced below for details...

5.9CVSS6.8AI score0.02288EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/06/23 4:25 p.m.30 views

CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a man-in-the-middle attacker and evaluates it in a TLS context, aka "response injection."...

4.3CVSS2.6AI score0.02288EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/06/23 12:0 a.m.23 views

Debian: Security Advisory (DSA-4708-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.02288EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/06/23 12:0 a.m.37 views

Debian DSA-4708-1 : neomutt - security update

Damian Poddebniak and Fabian Ising discovered two security issues in the STARTTLS handling of the Neomutt mail client, which could enable MITM attacks. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4708. Th...

5.9CVSS6.5AI score0.02288EPSS
Exploits0References4
CNVD
CNVD
added 2020/06/22 12:0 a.m.7 views

Mutt and NeoMutt Injection Vulnerabilities

Mutt is a text-based mail client for Unix-like systems by Michael Elkins Software Developers.NeoMutt is a command-line mail reader. An injection vulnerability exists in Mutt versions prior to 1.14.4 and NeoMutt versions prior to 2020-06-19. The vulnerability stems from a lack of proper validation...

5.9CVSS9.4AI score0.02288EPSS
Exploits0References1
Rows per page
Query Builder