- Home
- CVEs with nessus.description==Kevin J. McCarthy reports :
Fixes a remote code injection vulnerability when 'subscribing' to an IMAP mailbox, either via $imap_check_subscribed, or via the <subscribe> function in the browser menu. Mutt was generating a 'mailboxes' command and sending that along to the muttrc parser.
However, it was not escaping '`', which executes code and inserts the result. This would allow a malicious IMAP server to execute arbitrary code (for $imap_check_subscribed).
Fixes POP body caching path traversal vulnerability.
Fixes IMAP header caching path traversal vulnerability.
CVE-2018-14349 - NO Response Heap Overflow
CVE-2018-14350 - INTERNALDATE Stack Overflow
CVE-2018-14351 - STATUS Literal Length relative write
CVE-2018-14352 - imap_quote_string off-by-one stack overflow
CVE-2018-14353 - imap_quote_string int underflow
CVE-2018-14354 - imap_subscribe Remote Code Execution
CVE-2018-14355 - STATUS mailbox header cache directory traversal
CVE-2018-14356 - POP empty UID NULL deref
CVE-2018-14357 - LSUB Remote Code Execution
CVE-2018-14358 - RFC822.SIZE Stack Overflow
CVE-2018-14359 - base64 decode Stack Overflow
CVE-2018-14362 - POP Message Cache Directory Traversal
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top