373 matches found
[ASA-202011-24] neomutt: silent downgrade
Arch Linux Security Advisory ASA-202011-24 ========================================== Severity: High Date : 2020-11-26 CVE-ID : CVE-2020-28896 Package : neomutt Type : silent downgrade Remote : Yes Link : https://security.archlinux.org/AVG-1289 Summary ======= The package neomutt before version...
CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
UBUNTU-CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
Authentication flaw
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
CVE-2020-28896
CVE-2020-28896 affects Mutt and NeoMutt where, during IMAP initial responses, the client did not properly consult $ssl_force_tls and/or close the connection, allowing potential exposure of authentication credentials to an unencrypted channel or a Man‑in‑the‑Middle. The issue occurs in Mutt up to ...
CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
CVE-2020-28896
Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...
Mutt and NeoMutt Security Vulnerabilities
Mutt is a text-based mail client for Unix-like systems by Michael Elkins, the personal developer of NeoMutt, a command-line mail reader. A security vulnerability exists in Mutt versions prior to 2.0.2 and NeoMutt versions prior to 2020-11-20, which stems from a failure to ensure that $ssl force t...
PT-2020-6267 · Neomutt +9 · Neomutt +9
Name of the Vulnerable Software and Affected Versions: Mutt versions prior to 2.0.2 NeoMutt versions prior to 2020-11-20 Description: The issue is related to insufficient protection of registration data, which could allow a remote attacker to access confidential data. If an IMAP server's initial...
EulerOS 2.0 SP3 : mutt (EulerOS-SA-2020-2109)
According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.CVE-2020-14093 - Mutt before 1.14.4 and NeoMutt befo...
GLSA-202007-57 : Mutt, Neomutt: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202007-57 Mutt, Neomutt: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mutt and Neomutt. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE...
Mutt, Neomutt: Multiple vulnerabilities
Background Mutt is a small but very powerful text-based mail client. NeoMutt is a command line mail reader or MUA. It’s a fork of Mutt with added features. Description Multiple vulnerabilities have been discovered in Mutt and Neomutt. Please review the CVE identifiers referenced below for details...
CVE-2020-14954
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a man-in-the-middle attacker and evaluates it in a TLS context, aka "response injection."...
Debian: Security Advisory (DSA-4708-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4708-1 : neomutt - security update
Damian Poddebniak and Fabian Ising discovered two security issues in the STARTTLS handling of the Neomutt mail client, which could enable MITM attacks. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4708. Th...
Mutt and NeoMutt Injection Vulnerabilities
Mutt is a text-based mail client for Unix-like systems by Michael Elkins Software Developers.NeoMutt is a command-line mail reader. An injection vulnerability exists in Mutt versions prior to 1.14.4 and NeoMutt versions prior to 2020-06-19. The vulnerability stems from a lack of proper validation...