Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/571944?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/571944?format=api", "purl": "pkg:deb/debian/mutt@1.5.21-6.2%2Bdeb7u3", "type": "deb", "namespace": "debian", "name": "mutt", "version": "1.5.21-6.2+deb7u3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.5-4.1+deb11u3", "latest_non_vulnerable_version": "2.0.5-4.1+deb11u3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73744?format=api", "vulnerability_id": "VCID-2jga-eah6-6bhb", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58984", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58933", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58927", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58814", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58889", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58911", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58878", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.5893", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58936", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58954", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58937", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58918", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58952", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58956", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58934", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58917", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14361", "reference_id": "CVE-2018-14361", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14361" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14361" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2jga-eah6-6bhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51878?format=api", "vulnerability_id": "VCID-45b7-9f4d-ryac", "summary": "A heap-based buffer overflow in Mutt might allow remote attackers\n to cause a Denial of Service condition.", "references": [ { "reference_url": "http://advisories.mageia.org/MGASA-2014-0509.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://advisories.mageia.org/MGASA-2014-0509.html" }, { "reference_url": "http://dev.mutt.org/trac/ticket/3716", "reference_id": "", "reference_type": "", "scores": [], "url": "http://dev.mutt.org/trac/ticket/3716" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9116.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9116.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87718", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87578", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87587", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.876", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87603", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87623", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.8764", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87636", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87633", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87648", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87646", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87663", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.8767", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87668", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87684", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.877", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9116" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116" }, { "reference_url": "http://www.debian.org/security/2014/dsa-3083", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2014/dsa-3083" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/11/27/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/11/27/9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9" }, { "reference_url": "http://www.securityfocus.com/bid/71334", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/71334" }, { "reference_url": "http://www.securitytracker.com/id/1031266", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1031266" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463", "reference_id": "1168463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.5.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:1.5.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.5.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9116", "reference_id": "CVE-2014-9116", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9116" }, { "reference_url": "https://security.gentoo.org/glsa/201701-04", "reference_id": "GLSA-201701-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-04" }, { "reference_url": "https://usn.ubuntu.com/2440-1/", "reference_id": "USN-2440-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2440-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037128?format=api", "purl": "pkg:deb/debian/mutt@1.5.23-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.23-3" } ], "aliases": [ "CVE-2014-9116" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-45b7-9f4d-ryac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59547?format=api", "vulnerability_id": "VCID-4hym-sx7t-qbh1", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14355.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14355.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73054", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73241", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.732", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73199", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73193", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.7322", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73063", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73084", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73058", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73095", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73108", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73133", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73106", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73149", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73159", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73151", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73187", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602081", "reference_id": "1602081", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602081" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14355", "reference_id": "CVE-2018-14355", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14355" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1126", "reference_id": "RHSA-2020:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1126" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14355" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hym-sx7t-qbh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73743?format=api", "vulnerability_id": "VCID-4zbn-7d8g-5bgx", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.5273", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52633", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52686", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52641", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52685", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52712", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52727", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52722", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52772", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52755", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52739", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52777", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52785", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52768", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52718", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52728", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52689", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14360", "reference_id": "CVE-2018-14360", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14360" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14360" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbn-7d8g-5bgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59548?format=api", "vulnerability_id": "VCID-4zs7-nyzq-zydh", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14356.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14356.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75224", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.7542", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75354", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75357", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75365", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75395", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75227", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75236", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75279", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.7531", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75316", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75323", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75314", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75349", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604047", "reference_id": "1604047", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604047" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14356", "reference_id": "CVE-2018-14356", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14356" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14356" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zs7-nyzq-zydh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61880?format=api", "vulnerability_id": "VCID-5dxq-th2e-eke5", "summary": "A vulnerability in Mutt and NeoMutt could lead to a Denial of\n Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32055.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32055.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58599", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58762", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58692", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58659", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58704", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58682", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58703", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.5867", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58722", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58728", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58747", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58708", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58742", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58746", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58724", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58693", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58707", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32055" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32055", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32055" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957451", "reference_id": "1957451", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957451" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988106", "reference_id": "988106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988106" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988107", "reference_id": "988107", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988107" }, { "reference_url": "https://security.archlinux.org/AVG-1922", "reference_id": "AVG-1922", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1922" }, { "reference_url": "https://security.archlinux.org/AVG-1923", "reference_id": "AVG-1923", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1923" }, { "reference_url": "https://security.gentoo.org/glsa/202105-05", "reference_id": "GLSA-202105-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-05" }, { "reference_url": "https://usn.ubuntu.com/5392-1/", "reference_id": "USN-5392-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5392-1/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049080?format=api", "purl": "pkg:deb/debian/mutt@2.0.5-4.1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@2.0.5-4.1%252Bdeb11u3" } ], "aliases": [ "CVE-2021-32055" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dxq-th2e-eke5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59551?format=api", "vulnerability_id": "VCID-7f9n-6yxm-zuhu", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14359.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14359.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88049", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.8818", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88141", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.8814", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88152", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88166", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88058", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88072", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88078", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88097", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88103", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88113", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88105", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88106", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88119", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88117", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88135", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604084", "reference_id": "1604084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604084" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14359", "reference_id": "CVE-2018-14359", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14359" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14359" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7f9n-6yxm-zuhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50770?format=api", "vulnerability_id": "VCID-86dz-udh7-7kd5", "summary": "A weakness was discovered in Mutt and NeoMutt's TLS handshake\n handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28896.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28896.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26714", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26415", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26422", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2629", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26359", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2676", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26585", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26703", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26707", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26663", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26613", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26546", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26488", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26481", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28896" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28896", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28896" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900826", "reference_id": "1900826", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900826" }, { "reference_url": "https://security.archlinux.org/ASA-202011-24", "reference_id": "ASA-202011-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-24" }, { "reference_url": "https://security.archlinux.org/ASA-202011-25", "reference_id": "ASA-202011-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-25" }, { "reference_url": "https://security.archlinux.org/AVG-1288", "reference_id": "AVG-1288", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1288" }, { "reference_url": "https://security.archlinux.org/AVG-1289", "reference_id": "AVG-1289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1289" }, { "reference_url": "https://security.gentoo.org/glsa/202101-32", "reference_id": "GLSA-202101-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4181", "reference_id": "RHSA-2021:4181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4181" }, { "reference_url": "https://usn.ubuntu.com/4645-1/", "reference_id": "USN-4645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4645-1/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049080?format=api", "purl": "pkg:deb/debian/mutt@2.0.5-4.1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@2.0.5-4.1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-28896" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86dz-udh7-7kd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59550?format=api", "vulnerability_id": "VCID-bbnw-jxah-rfbh", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14358.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14358.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79504", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79696", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79623", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79639", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79656", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79677", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.7951", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79533", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79519", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79548", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79577", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.7956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79552", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79582", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.7958", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79585", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79617", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604064", "reference_id": "1604064", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604064" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14358", "reference_id": "CVE-2018-14358", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14358" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14358" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbnw-jxah-rfbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59540?format=api", "vulnerability_id": "VCID-ce8r-3je8-97bm", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14350.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14350.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86682", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86841", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86783", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86784", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86805", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86824", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86693", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86712", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86731", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86741", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86754", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86751", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86744", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86764", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.8676", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86776", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "http://www.securityfocus.com/bid/104931", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104931" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602922", "reference_id": "1602922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602922" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14350", "reference_id": "CVE-2018-14350", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14350" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14350" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ce8r-3je8-97bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78093?format=api", "vulnerability_id": "VCID-d15r-ncw4-hfdh", "summary": "mutt: null pointer dereference", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4874.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4874.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4874", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23798", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23501", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23521", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2351", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23473", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23354", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23435", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23838", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23615", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23684", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23731", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23747", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23704", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2366", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23652", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23633", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4874" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4874", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4874" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4875" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051563", "reference_id": "1051563", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051563" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238240", "reference_id": "2238240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238240" }, { "reference_url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch", "reference_id": "452ee330e094bfc7c9a68555e5152b1826534555.patch", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T15:16:03Z/" } ], "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch" }, { "reference_url": "https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch", "reference_id": "a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T15:16:03Z/" } ], "url": "https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0.patch" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2290", "reference_id": "RHSA-2024:2290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3058", "reference_id": "RHSA-2024:3058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3058" }, { "reference_url": "https://usn.ubuntu.com/6374-1/", "reference_id": "USN-6374-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6374-1/" }, { "reference_url": "https://usn.ubuntu.com/6374-2/", "reference_id": "USN-6374-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6374-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049080?format=api", "purl": "pkg:deb/debian/mutt@2.0.5-4.1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@2.0.5-4.1%252Bdeb11u3" } ], "aliases": [ "CVE-2023-4874" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d15r-ncw4-hfdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59537?format=api", "vulnerability_id": "VCID-eyfx-wdun-3fhq", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14349.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14349.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75224", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.7542", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75354", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75357", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75365", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75395", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75227", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75236", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75279", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.7531", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75316", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75323", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75314", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75349", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602934", "reference_id": "1602934", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602934" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14349", "reference_id": "CVE-2018-14349", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14349" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14349" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eyfx-wdun-3fhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59549?format=api", "vulnerability_id": "VCID-fyys-8z34-cufn", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14357.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14357.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84812", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.85002", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84933", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84942", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84959", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84983", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84827", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84847", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.8487", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84877", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84894", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.8491", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84908", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602915", "reference_id": "1602915", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602915" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14357", "reference_id": "CVE-2018-14357", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14357" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2526", "reference_id": "RHSA-2018:2526", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14357" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fyys-8z34-cufn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59552?format=api", "vulnerability_id": "VCID-htz5-1fbu-5qfb", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14362.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82086", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82289", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82227", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82229", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82245", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82266", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82119", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82115", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82142", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82149", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82168", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.8216", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82192", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82194", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82216", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602079", "reference_id": "1602079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602079" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14362", "reference_id": "CVE-2018-14362", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14362" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2526", "reference_id": "RHSA-2018:2526", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14362" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htz5-1fbu-5qfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59543?format=api", "vulnerability_id": "VCID-j1v7-r585-eqeq", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14352.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14352.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86793", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86955", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86895", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86897", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86919", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86938", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86804", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86823", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86817", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86836", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86845", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86858", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86854", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86849", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86866", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86871", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86872", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86889", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604034", "reference_id": "1604034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604034" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14352", "reference_id": "CVE-2018-14352", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14352" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14352" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1v7-r585-eqeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56485?format=api", "vulnerability_id": "VCID-k6ud-492m-yqdp", "summary": "Multiple vulnerabilities have been found in Mutt and Neomutt, the\n worst of which could result in an access restriction bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14154.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14154.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71783", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.7179", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71809", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71782", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71821", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71832", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71857", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.7184", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71864", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71869", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71852", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71897", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71902", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.719", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.7189", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71924", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71956", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14154" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848287", "reference_id": "1848287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848287" }, { "reference_url": "https://security.gentoo.org/glsa/202007-57", "reference_id": "GLSA-202007-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-57" }, { "reference_url": "https://usn.ubuntu.com/4401-1/", "reference_id": "USN-4401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4401-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049080?format=api", "purl": "pkg:deb/debian/mutt@2.0.5-4.1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@2.0.5-4.1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-14154" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ud-492m-yqdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59545?format=api", "vulnerability_id": "VCID-nyyz-7jhc-4qd6", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14353.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14353.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80872", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.81067", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80998", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.81009", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.81023", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.81045", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.8088", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80903", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.809", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80928", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80937", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80953", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80939", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.8093", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80966", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80967", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80969", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.8099", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604040", "reference_id": "1604040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604040" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14353", "reference_id": "CVE-2018-14353", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14353" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14353" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyyz-7jhc-4qd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38782?format=api", "vulnerability_id": "VCID-rabc-wwt3-j3a3", "summary": "A vulnerability in Mutt could allow remote attackers to execute\n arbitrary code or cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0467.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0467.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.8279", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82806", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82819", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82815", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.8284", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82846", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82862", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82857", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82853", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82892", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82894", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82915", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82925", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82929", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.8295", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.8297", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82991", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075860", "reference_id": "1075860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075860" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708731", "reference_id": "708731", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708731" }, { "reference_url": "https://security.gentoo.org/glsa/201406-05", "reference_id": "GLSA-201406-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0304", "reference_id": "RHSA-2014:0304", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0304" }, { "reference_url": "https://usn.ubuntu.com/2147-1/", "reference_id": "USN-2147-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2147-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037128?format=api", "purl": "pkg:deb/debian/mutt@1.5.23-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.23-3" } ], "aliases": [ "CVE-2014-0467" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rabc-wwt3-j3a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56484?format=api", "vulnerability_id": "VCID-rhbd-qbus-ruhc", "summary": "Multiple vulnerabilities have been found in Mutt and Neomutt, the\n worst of which could result in an access restriction bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14093.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14093.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14093", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88158", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88166", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88182", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88189", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88208", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88225", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88217", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.8823", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88229", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88248", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88253", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88256", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88268", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88283", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88296", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848360", "reference_id": "1848360", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848360" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962897", "reference_id": "962897", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962897" }, { "reference_url": "https://security.gentoo.org/glsa/202007-57", "reference_id": "GLSA-202007-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-57" }, { "reference_url": "https://usn.ubuntu.com/4401-1/", "reference_id": "USN-4401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4401-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049080?format=api", "purl": "pkg:deb/debian/mutt@2.0.5-4.1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@2.0.5-4.1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-14093" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhbd-qbus-ruhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/78094?format=api", "vulnerability_id": "VCID-s7jp-h1gx-f3db", "summary": "mutt: null pointer dereference", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07014", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07342", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0716", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07125", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07091", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07105", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0726", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0707", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07045", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07099", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07131", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07129", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07118", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07109", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07028", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4874", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4874" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4875" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051563", "reference_id": "1051563", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051563" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238241", "reference_id": "2238241", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238241" }, { "reference_url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch", "reference_id": "452ee330e094bfc7c9a68555e5152b1826534555.patch", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T15:14:35Z/" } ], "url": "https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555.patch" }, { "reference_url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch", "reference_id": "4cc3128abdf52c615911589394a03271fddeefc6.patch", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T15:14:35Z/" } ], "url": "https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6.patch" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2290", "reference_id": "RHSA-2024:2290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3058", "reference_id": "RHSA-2024:3058", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3058" }, { "reference_url": "https://usn.ubuntu.com/6374-1/", "reference_id": "USN-6374-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6374-1/" }, { "reference_url": "https://usn.ubuntu.com/6374-2/", "reference_id": "USN-6374-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6374-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049080?format=api", "purl": "pkg:deb/debian/mutt@2.0.5-4.1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@2.0.5-4.1%252Bdeb11u3" } ], "aliases": [ "CVE-2023-4875" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7jp-h1gx-f3db" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79523?format=api", "vulnerability_id": "VCID-sdgd-qstu-pudm", "summary": "mutt: buffer overflow in uudecoder function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1328.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1328.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44268", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.4434", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44362", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44299", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44351", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44356", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44374", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44341", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44397", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44388", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50548", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50661", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50609", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50616", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.5057", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50494", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50577", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1328" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1328" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009734", "reference_id": "1009734", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009734" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009735", "reference_id": "1009735", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009735" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076058", "reference_id": "2076058", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7640", "reference_id": "RHSA-2022:7640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8219", "reference_id": "RHSA-2022:8219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8219" }, { "reference_url": "https://usn.ubuntu.com/5392-1/", "reference_id": "USN-5392-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5392-1/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1049080?format=api", "purl": "pkg:deb/debian/mutt@2.0.5-4.1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@2.0.5-4.1%252Bdeb11u3" } ], "aliases": [ "CVE-2022-1328" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sdgd-qstu-pudm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73745?format=api", "vulnerability_id": "VCID-ssk5-y54s-53gk", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44409", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44314", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44391", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44544", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44623", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44582", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44633", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44636", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44652", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44624", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44678", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4467", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44601", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44515", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44518", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44437", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14363", "reference_id": "CVE-2018-14363", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14363" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14363" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssk5-y54s-53gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43087?format=api", "vulnerability_id": "VCID-t7kq-u427-mbd7", "summary": "A vulnerability in Mutt could lead to a Denial of Service\n condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3181.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3181.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3181", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86497", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86652", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86617", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86636", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86525", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86524", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86544", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86554", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86569", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86565", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86573", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86578", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.8657", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86588", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86597", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02997", "scoring_system": "epss", "scoring_elements": "0.86596", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3181" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3181" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920446", "reference_id": "1920446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1920446" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980326", "reference_id": "980326", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980326" }, { "reference_url": "https://security.archlinux.org/ASA-202101-43", "reference_id": "ASA-202101-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-43" }, { "reference_url": "https://security.archlinux.org/AVG-1476", "reference_id": "AVG-1476", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1476" }, { "reference_url": "https://security.gentoo.org/glsa/202101-25", "reference_id": "GLSA-202101-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-25" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4181", "reference_id": "RHSA-2021:4181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4181" }, { "reference_url": "https://usn.ubuntu.com/4703-1/", "reference_id": "USN-4703-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4703-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049080?format=api", "purl": "pkg:deb/debian/mutt@2.0.5-4.1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@2.0.5-4.1%252Bdeb11u3" } ], "aliases": [ "CVE-2021-3181" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t7kq-u427-mbd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59541?format=api", "vulnerability_id": "VCID-u7cd-qnpy-y3az", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14351.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14351.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75224", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.7542", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75354", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75357", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75365", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75395", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75227", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75236", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75279", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.7531", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75316", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75323", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75314", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75349", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602953", "reference_id": "1602953", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602953" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14351", "reference_id": "CVE-2018-14351", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14351" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14351" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7cd-qnpy-y3az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59546?format=api", "vulnerability_id": "VCID-u8at-7vh4-f7fe", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14354.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84812", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.85002", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84933", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84942", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84959", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84983", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84827", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84847", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.8487", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84877", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84894", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.8491", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84908", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "http://www.securityfocus.com/bid/104925", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104925" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602069", "reference_id": "1602069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602069" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14354", "reference_id": "CVE-2018-14354", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14354" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2526", "reference_id": "RHSA-2018:2526", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" } ], "aliases": [ "CVE-2018-14354" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8at-7vh4-f7fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56486?format=api", "vulnerability_id": "VCID-yvgu-yg5k-z3ff", "summary": "Multiple vulnerabilities have been found in Mutt and Neomutt, the\n worst of which could result in an access restriction bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14954.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14954.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90453", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90469", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90474", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90487", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90493", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.905", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90494", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90511", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.9051", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90522", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90521", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90518", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.9053", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90547", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90559", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850170", "reference_id": "1850170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850170" }, { "reference_url": "https://security.gentoo.org/glsa/202007-57", "reference_id": "GLSA-202007-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-57" }, { "reference_url": "https://usn.ubuntu.com/4403-1/", "reference_id": "USN-4403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4403-1/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037129?format=api", "purl": "pkg:deb/debian/mutt@1.7.2-1%2Bdeb9u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.7.2-1%252Bdeb9u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037900?format=api", "purl": "pkg:deb/debian/mutt@1.10.1-2.1%2Bdeb10u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.10.1-2.1%252Bdeb10u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1049080?format=api", "purl": "pkg:deb/debian/mutt@2.0.5-4.1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@2.0.5-4.1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-14954" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yvgu-yg5k-z3ff" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51878?format=api", "vulnerability_id": "VCID-45b7-9f4d-ryac", "summary": "A heap-based buffer overflow in Mutt might allow remote attackers\n to cause a Denial of Service condition.", "references": [ { "reference_url": "http://advisories.mageia.org/MGASA-2014-0509.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://advisories.mageia.org/MGASA-2014-0509.html" }, { "reference_url": "http://dev.mutt.org/trac/ticket/3716", "reference_id": "", "reference_type": "", "scores": [], "url": "http://dev.mutt.org/trac/ticket/3716" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9116.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9116.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87718", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87578", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87587", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.876", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87603", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87623", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87629", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.8764", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87636", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87633", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87648", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87646", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87663", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.8767", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87668", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.87684", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03515", "scoring_system": "epss", "scoring_elements": "0.877", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9116" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9116" }, { "reference_url": "http://www.debian.org/security/2014/dsa-3083", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2014/dsa-3083" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:245" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:078" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/11/27/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/11/27/9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2014/11/27/9" }, { "reference_url": "http://www.securityfocus.com/bid/71334", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/71334" }, { "reference_url": "http://www.securitytracker.com/id/1031266", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1031266" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463", "reference_id": "1168463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1168463" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.5.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:1.5.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:1.5.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9116", "reference_id": "CVE-2014-9116", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9116" }, { "reference_url": "https://security.gentoo.org/glsa/201701-04", "reference_id": "GLSA-201701-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-04" }, { "reference_url": "https://usn.ubuntu.com/2440-1/", "reference_id": "USN-2440-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2440-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571944?format=api", "purl": "pkg:deb/debian/mutt@1.5.21-6.2%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-45b7-9f4d-ryac" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rabc-wwt3-j3a3" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.21-6.2%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037128?format=api", "purl": "pkg:deb/debian/mutt@1.5.23-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.23-3" } ], "aliases": [ "CVE-2014-9116" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-45b7-9f4d-ryac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38782?format=api", "vulnerability_id": "VCID-rabc-wwt3-j3a3", "summary": "A vulnerability in Mutt could allow remote attackers to execute\n arbitrary code or cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0467.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0467.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0467", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.8279", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82806", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82819", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82815", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.8284", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82846", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82862", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82857", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82853", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82892", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82894", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82915", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82925", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82929", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.8295", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.8297", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01816", "scoring_system": "epss", "scoring_elements": "0.82991", "published_at": "2026-05-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0467" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075860", "reference_id": "1075860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1075860" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708731", "reference_id": "708731", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708731" }, { "reference_url": "https://security.gentoo.org/glsa/201406-05", "reference_id": "GLSA-201406-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0304", "reference_id": "RHSA-2014:0304", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0304" }, { "reference_url": "https://usn.ubuntu.com/2147-1/", "reference_id": "USN-2147-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2147-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571944?format=api", "purl": "pkg:deb/debian/mutt@1.5.21-6.2%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-45b7-9f4d-ryac" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rabc-wwt3-j3a3" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.21-6.2%252Bdeb7u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037128?format=api", "purl": "pkg:deb/debian/mutt@1.5.23-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.23-3" } ], "aliases": [ "CVE-2014-0467" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rabc-wwt3-j3a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87467?format=api", "vulnerability_id": "VCID-uh2u-tyhx-jqey", "summary": "mutt: SSL host name check may be skipped when verifying certificate chain", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061353.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061356.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061461.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1429.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1429.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47709", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47701", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47738", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47758", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47708", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47762", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47783", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4776", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.4777", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47825", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47817", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47769", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47752", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47707", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47624", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00245", "scoring_system": "epss", "scoring_elements": "0.47687", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1429" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1429", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1429" }, { "reference_url": "http://seclists.org/fulldisclosure/2011/Mar/87", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2011/Mar/87" }, { "reference_url": "http://secunia.com/advisories/44937", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44937" }, { "reference_url": "http://securityreason.com/securityalert/8143", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securityreason.com/securityalert/8143" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66015" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0959.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0959.html" }, { "reference_url": "http://www.securityfocus.com/bid/46803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46803" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619216", "reference_id": "619216", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619216" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=688755", "reference_id": "688755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688755" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1429", "reference_id": "CVE-2011-1429", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0959", "reference_id": "RHSA-2011:0959", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0959" }, { "reference_url": "https://usn.ubuntu.com/1221-1/", "reference_id": "USN-1221-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1221-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/571944?format=api", "purl": "pkg:deb/debian/mutt@1.5.21-6.2%2Bdeb7u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2jga-eah6-6bhb" }, { "vulnerability": "VCID-45b7-9f4d-ryac" }, { "vulnerability": "VCID-4hym-sx7t-qbh1" }, { "vulnerability": "VCID-4zbn-7d8g-5bgx" }, { "vulnerability": "VCID-4zs7-nyzq-zydh" }, { "vulnerability": "VCID-5dxq-th2e-eke5" }, { "vulnerability": "VCID-7f9n-6yxm-zuhu" }, { "vulnerability": "VCID-86dz-udh7-7kd5" }, { "vulnerability": "VCID-bbnw-jxah-rfbh" }, { "vulnerability": "VCID-ce8r-3je8-97bm" }, { "vulnerability": "VCID-d15r-ncw4-hfdh" }, { "vulnerability": "VCID-eyfx-wdun-3fhq" }, { "vulnerability": "VCID-fyys-8z34-cufn" }, { "vulnerability": "VCID-htz5-1fbu-5qfb" }, { "vulnerability": "VCID-j1v7-r585-eqeq" }, { "vulnerability": "VCID-k6ud-492m-yqdp" }, { "vulnerability": "VCID-nyyz-7jhc-4qd6" }, { "vulnerability": "VCID-rabc-wwt3-j3a3" }, { "vulnerability": "VCID-rhbd-qbus-ruhc" }, { "vulnerability": "VCID-s7jp-h1gx-f3db" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-ssk5-y54s-53gk" }, { "vulnerability": "VCID-t7kq-u427-mbd7" }, { "vulnerability": "VCID-u7cd-qnpy-y3az" }, { "vulnerability": "VCID-u8at-7vh4-f7fe" }, { "vulnerability": "VCID-yvgu-yg5k-z3ff" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.21-6.2%252Bdeb7u3" } ], "aliases": [ "CVE-2011-1429" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uh2u-tyhx-jqey" } ], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/mutt@1.5.21-6.2%252Bdeb7u3" }