Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/931609?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "type": "deb", "namespace": "debian", "name": "neomutt", "version": "20201127+dfsg.1-1.2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "20220429+dfsg1-1", "latest_non_vulnerable_version": "20260504+dfsg-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72808?format=api", "vulnerability_id": "VCID-bdyk-zv3q-z3d7", "summary": "mutt: neomutt: To and Cc email header fields are not protected by cryptographic signing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49393.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49393.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19224", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23968", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24038", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23995", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.23886", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24381", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24165", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24231", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24274", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24291", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24249", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24191", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24207", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24195", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24172", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24049", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49393" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325317", "reference_id": "2325317", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-12T14:25:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325317" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-49393", "reference_id": "CVE-2024-49393", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-12T14:25:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-49393" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931615?format=api", "purl": "pkg:deb/debian/neomutt@20241002%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20241002%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-49393" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bdyk-zv3q-z3d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/79523?format=api", "vulnerability_id": "VCID-sdgd-qstu-pudm", "summary": "mutt: buffer overflow in uudecoder function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1328.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1328.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44268", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.4434", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44362", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44299", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44351", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44356", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44374", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44342", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44341", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44397", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44388", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50616", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50661", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50609", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50548", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.50494", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00272", "scoring_system": "epss", "scoring_elements": "0.5057", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-1328" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1328" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009734", "reference_id": "1009734", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009734" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009735", "reference_id": "1009735", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009735" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076058", "reference_id": "2076058", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076058" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7640", "reference_id": "RHSA-2022:7640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8219", "reference_id": "RHSA-2022:8219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8219" }, { "reference_url": "https://usn.ubuntu.com/5392-1/", "reference_id": "USN-5392-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5392-1/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931614?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-1328" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sdgd-qstu-pudm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72809?format=api", "vulnerability_id": "VCID-tnpu-7bve-fbfk", "summary": "mutt: neomutt: In-Reply-To email header field it not protected by cryptograpic signing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49394.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49394.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.2383", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23904", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23862", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23747", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24205", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24241", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24027", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24095", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24141", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24158", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24116", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24059", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24072", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.2406", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.24044", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00082", "scoring_system": "epss", "scoring_elements": "0.23916", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-49394" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49394", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49394" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325330", "reference_id": "2325330", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:24:55Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325330" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-49394", "reference_id": "CVE-2024-49394", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T14:24:55Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-49394" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931615?format=api", "purl": "pkg:deb/debian/neomutt@20241002%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20241002%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-49394" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tnpu-7bve-fbfk" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73744?format=api", "vulnerability_id": "VCID-2jga-eah6-6bhb", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58927", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58917", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58933", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58814", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58889", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58911", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58878", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.5893", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58936", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58954", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58937", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58918", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58952", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58956", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58934", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/9e927affe3a021175f354af5fa01d22657c20585" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14361", "reference_id": "CVE-2018-14361", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14361" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14361" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2jga-eah6-6bhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59547?format=api", "vulnerability_id": "VCID-4hym-sx7t-qbh1", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14355.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14355.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73054", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.7322", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73187", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.732", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73199", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73193", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73063", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73084", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73058", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73095", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73108", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73133", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73112", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73106", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73149", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73159", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00748", "scoring_system": "epss", "scoring_elements": "0.73151", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/57971dba06346b2d7179294f4528b8d4427a7c5d" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602081", "reference_id": "1602081", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602081" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14355", "reference_id": "CVE-2018-14355", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14355" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1126", "reference_id": "RHSA-2020:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1126" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14355" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hym-sx7t-qbh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73743?format=api", "vulnerability_id": "VCID-4zbn-7d8g-5bgx", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52686", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52689", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52633", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52641", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52685", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52712", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52727", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52722", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52772", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52755", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52739", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52777", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52785", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52768", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52718", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00294", "scoring_system": "epss", "scoring_elements": "0.52728", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/6296f7153f0c9d5e5cd3aaf08f9731e56621bdd3" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14360", "reference_id": "CVE-2018-14360", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14360" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14360" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zbn-7d8g-5bgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59548?format=api", "vulnerability_id": "VCID-4zs7-nyzq-zydh", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14356.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14356.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75224", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75395", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75349", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75354", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75357", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75365", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75227", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75236", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75279", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.7531", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75316", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75323", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75314", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/93b8ac558752d09e1c56d4f1bc82631316fa9c82" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604047", "reference_id": "1604047", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604047" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14356", "reference_id": "CVE-2018-14356", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14356" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14356" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zs7-nyzq-zydh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61880?format=api", "vulnerability_id": "VCID-5dxq-th2e-eke5", "summary": "A vulnerability in Mutt and NeoMutt could lead to a Denial of\n Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32055.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32055.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58599", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58704", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58707", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58692", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58659", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58682", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58703", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.5867", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58722", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58728", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58747", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58708", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58742", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58746", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58724", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58693", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32055" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32055", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32055" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957451", "reference_id": "1957451", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957451" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988106", "reference_id": "988106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988106" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988107", "reference_id": "988107", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988107" }, { "reference_url": "https://security.archlinux.org/AVG-1922", "reference_id": "AVG-1922", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1922" }, { "reference_url": "https://security.archlinux.org/AVG-1923", "reference_id": "AVG-1923", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1923" }, { "reference_url": "https://security.gentoo.org/glsa/202105-05", "reference_id": "GLSA-202105-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-05" }, { "reference_url": "https://usn.ubuntu.com/5392-1/", "reference_id": "USN-5392-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5392-1/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-32055" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dxq-th2e-eke5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59551?format=api", "vulnerability_id": "VCID-7f9n-6yxm-zuhu", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14359.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14359.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88049", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88166", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88135", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88141", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.8814", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88152", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88058", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88072", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88078", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88097", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88103", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88113", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88105", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88106", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88119", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03811", "scoring_system": "epss", "scoring_elements": "0.88117", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/6f163e07ae68654d7ac5268cbb7565f6df79ad85" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604084", "reference_id": "1604084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604084" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14359", "reference_id": "CVE-2018-14359", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14359" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14359" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7f9n-6yxm-zuhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50770?format=api", "vulnerability_id": "VCID-86dz-udh7-7kd5", "summary": "A weakness was discovered in Mutt and NeoMutt's TLS handshake\n handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28896.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28896.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26714", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26359", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26481", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26422", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2629", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2676", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26585", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26703", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26707", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26663", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26613", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26546", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26488", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28896" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28896", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28896" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900826", "reference_id": "1900826", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1900826" }, { "reference_url": "https://security.archlinux.org/ASA-202011-24", "reference_id": "ASA-202011-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-24" }, { "reference_url": "https://security.archlinux.org/ASA-202011-25", "reference_id": "ASA-202011-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-25" }, { "reference_url": "https://security.archlinux.org/AVG-1288", "reference_id": "AVG-1288", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1288" }, { "reference_url": "https://security.archlinux.org/AVG-1289", "reference_id": "AVG-1289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1289" }, { "reference_url": "https://security.gentoo.org/glsa/202101-32", "reference_id": "GLSA-202101-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4181", "reference_id": "RHSA-2021:4181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4181" }, { "reference_url": "https://usn.ubuntu.com/4645-1/", "reference_id": "USN-4645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4645-1/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931613?format=api", "purl": "pkg:deb/debian/neomutt@20201120%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201120%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-28896" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86dz-udh7-7kd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59550?format=api", "vulnerability_id": "VCID-bbnw-jxah-rfbh", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14358.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14358.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79504", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79677", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79617", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79623", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79639", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79656", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.7951", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79533", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79519", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79548", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79555", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79577", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.7956", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79552", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79582", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.7958", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01277", "scoring_system": "epss", "scoring_elements": "0.79585", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604064", "reference_id": "1604064", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604064" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14358", "reference_id": "CVE-2018-14358", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14358" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14358" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbnw-jxah-rfbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59540?format=api", "vulnerability_id": "VCID-ce8r-3je8-97bm", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14350.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14350.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86682", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86824", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86776", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86783", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86784", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86805", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86693", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86712", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86731", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86741", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86754", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86751", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86744", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86758", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.86764", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03068", "scoring_system": "epss", "scoring_elements": "0.8676", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "http://www.securityfocus.com/bid/104931", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104931" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602922", "reference_id": "1602922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602922" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14350", "reference_id": "CVE-2018-14350", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14350" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14350" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ce8r-3je8-97bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59537?format=api", "vulnerability_id": "VCID-eyfx-wdun-3fhq", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14349.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14349.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75224", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75395", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75349", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75354", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75357", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75365", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75227", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75236", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75279", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.7531", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75316", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75323", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75314", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/36a29280448097f34ce9c94606195f2ac643fed1" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602934", "reference_id": "1602934", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602934" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14349", "reference_id": "CVE-2018-14349", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14349" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14349" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eyfx-wdun-3fhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59549?format=api", "vulnerability_id": "VCID-fyys-8z34-cufn", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14357.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14357.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84812", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84983", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84908", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84933", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84942", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84959", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84827", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84847", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.8487", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84877", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84894", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.8491", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/e52393740334443ae0206cab2d7caef381646725" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602915", "reference_id": "1602915", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602915" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14357", "reference_id": "CVE-2018-14357", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14357" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2526", "reference_id": "RHSA-2018:2526", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14357" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fyys-8z34-cufn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59552?format=api", "vulnerability_id": "VCID-htz5-1fbu-5qfb", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14362.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82086", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82266", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82216", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82227", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82229", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82245", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82098", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82119", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82115", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82142", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82149", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82168", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.8216", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82192", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01676", "scoring_system": "epss", "scoring_elements": "0.82194", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602079", "reference_id": "1602079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602079" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14362", "reference_id": "CVE-2018-14362", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14362" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2526", "reference_id": "RHSA-2018:2526", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14362" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htz5-1fbu-5qfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59543?format=api", "vulnerability_id": "VCID-j1v7-r585-eqeq", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14352.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14352.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86793", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86938", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86889", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86895", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86897", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86919", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86804", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86823", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86817", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86836", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86845", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86858", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86854", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86849", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86866", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86871", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03127", "scoring_system": "epss", "scoring_elements": "0.86872", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/e27b65b3bf8defa34db58919496056caf3850cd4" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604034", "reference_id": "1604034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604034" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14352", "reference_id": "CVE-2018-14352", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14352" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14352" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j1v7-r585-eqeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56485?format=api", "vulnerability_id": "VCID-k6ud-492m-yqdp", "summary": "Multiple vulnerabilities have been found in Mutt and Neomutt, the\n worst of which could result in an access restriction bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14154.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14154.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14154", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71783", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.7179", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71809", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71782", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71821", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71832", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71857", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.7184", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71822", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71864", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71869", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71852", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71897", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71902", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.719", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.7189", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00692", "scoring_system": "epss", "scoring_elements": "0.71924", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14154" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848287", "reference_id": "1848287", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848287" }, { "reference_url": "https://security.gentoo.org/glsa/202007-57", "reference_id": "GLSA-202007-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-57" }, { "reference_url": "https://usn.ubuntu.com/4401-1/", "reference_id": "USN-4401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4401-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931612?format=api", "purl": "pkg:deb/debian/neomutt@20200619%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20200619%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14154" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6ud-492m-yqdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59545?format=api", "vulnerability_id": "VCID-nyyz-7jhc-4qd6", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14353.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14353.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80872", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.81045", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.8099", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80998", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.81009", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.81023", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.8088", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80903", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.809", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80928", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80937", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80953", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80939", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.8093", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80966", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80967", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01471", "scoring_system": "epss", "scoring_elements": "0.80969", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604040", "reference_id": "1604040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1604040" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14353", "reference_id": "CVE-2018-14353", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14353" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14353" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nyyz-7jhc-4qd6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56484?format=api", "vulnerability_id": "VCID-rhbd-qbus-ruhc", "summary": "Multiple vulnerabilities have been found in Mutt and Neomutt, the\n worst of which could result in an access restriction bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14093.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14093.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14093", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88158", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88166", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88182", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88189", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88208", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88225", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88217", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.8823", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88229", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88248", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88253", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88256", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88268", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03861", "scoring_system": "epss", "scoring_elements": "0.88283", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848360", "reference_id": "1848360", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848360" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962897", "reference_id": "962897", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962897" }, { "reference_url": "https://security.gentoo.org/glsa/202007-57", "reference_id": "GLSA-202007-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-57" }, { "reference_url": "https://usn.ubuntu.com/4401-1/", "reference_id": "USN-4401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4401-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931612?format=api", "purl": "pkg:deb/debian/neomutt@20200619%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20200619%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14093" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhbd-qbus-ruhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73745?format=api", "vulnerability_id": "VCID-ssk5-y54s-53gk", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44391", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44437", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44314", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44544", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44623", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44582", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44633", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44636", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44652", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44624", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44678", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.4467", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44601", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44515", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0022", "scoring_system": "epss", "scoring_elements": "0.44518", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14363", "reference_id": "CVE-2018-14363", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14363" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14363" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssk5-y54s-53gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59541?format=api", "vulnerability_id": "VCID-u7cd-qnpy-y3az", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14351.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14351.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75224", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75395", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75349", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75354", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75357", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75365", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75227", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75236", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75279", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.7531", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75277", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75316", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75323", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00875", "scoring_system": "epss", "scoring_elements": "0.75314", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/3c49c44be9b459d9c616bcaef6eb5d51298c1741" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602953", "reference_id": "1602953", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602953" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14351", "reference_id": "CVE-2018-14351", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14351" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14351" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7cd-qnpy-y3az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59546?format=api", "vulnerability_id": "VCID-u8at-7vh4-f7fe", "summary": "Multiple vulnerabilities have been found in Mutt and NeoMutt, the\n worst of which allows for arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14354.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84812", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84983", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84908", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84933", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84942", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84959", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84827", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84845", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84847", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.8487", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84877", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84895", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84894", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.84888", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02348", "scoring_system": "epss", "scoring_elements": "0.8491", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14357" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14358" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14359" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14360" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14361" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14363" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb" }, { "reference_url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" }, { "reference_url": "https://neomutt.org/2018/07/16/release", "reference_id": "", "reference_type": "", "scores": [], "url": "https://neomutt.org/2018/07/16/release" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2018/dsa-4277" }, { "reference_url": "http://www.mutt.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mutt.org/news.html" }, { "reference_url": "http://www.securityfocus.com/bid/104925", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104925" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602069", "reference_id": "1602069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1602069" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021", "reference_id": "904021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904021" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051", "reference_id": "904051", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904051" }, { "reference_url": "https://security.archlinux.org/AVG-740", "reference_id": "AVG-740", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-740" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:neomutt:neomutt:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14354", "reference_id": "CVE-2018-14354", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14354" }, { "reference_url": "https://security.gentoo.org/glsa/201810-07", "reference_id": "GLSA-201810-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201810-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2526", "reference_id": "RHSA-2018:2526", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2526" }, { "reference_url": "https://usn.ubuntu.com/3719-1/", "reference_id": "USN-3719-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-1/" }, { "reference_url": "https://usn.ubuntu.com/3719-2/", "reference_id": "USN-3719-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-2/" }, { "reference_url": "https://usn.ubuntu.com/3719-3/", "reference_id": "USN-3719-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3719-3/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931608?format=api", "purl": "pkg:deb/debian/neomutt@20180716%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20180716%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-14354" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8at-7vh4-f7fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56486?format=api", "vulnerability_id": "VCID-yvgu-yg5k-z3ff", "summary": "Multiple vulnerabilities have been found in Mutt and Neomutt, the\n worst of which could result in an access restriction bypass.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14954.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14954.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90453", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90469", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90474", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90487", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90493", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.905", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90494", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90511", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.9051", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90522", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90521", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90518", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.9053", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.05784", "scoring_system": "epss", "scoring_elements": "0.90547", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14954" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850170", "reference_id": "1850170", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850170" }, { "reference_url": "https://security.gentoo.org/glsa/202007-57", "reference_id": "GLSA-202007-57", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-57" }, { "reference_url": "https://usn.ubuntu.com/4403-1/", "reference_id": "USN-4403-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4403-1/" }, { "reference_url": "https://usn.ubuntu.com/7204-1/", "reference_id": "USN-7204-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7204-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/931612?format=api", "purl": "pkg:deb/debian/neomutt@20200619%2Bdfsg.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20200619%252Bdfsg.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931609?format=api", "purl": "pkg:deb/debian/neomutt@20201127%2Bdfsg.1-1.2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-sdgd-qstu-pudm" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931607?format=api", "purl": "pkg:deb/debian/neomutt@20220429%2Bdfsg1-4.1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-bdyk-zv3q-z3d7" }, { "vulnerability": "VCID-tnpu-7bve-fbfk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20220429%252Bdfsg1-4.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931611?format=api", "purl": "pkg:deb/debian/neomutt@20250510%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20250510%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/931610?format=api", "purl": "pkg:deb/debian/neomutt@20260105%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260105%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059639?format=api", "purl": "pkg:deb/debian/neomutt@20260406%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260406%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1104241?format=api", "purl": "pkg:deb/debian/neomutt@20260504%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20260504%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14954" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yvgu-yg5k-z3ff" } ], "risk_score": "3.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/neomutt@20201127%252Bdfsg.1-1.2%3Fdistro=trixie" }