Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2007-1558 (GCVE-0-2007-1558)
Vulnerability from cvelistv5 – Published: 2007-04-16 22:00 – Updated: 2024-08-07 12:59
VLAI
EPSS
Summary
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
75 references
Date Public
2007-04-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25496"
},
{
"name": "25529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25529"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=683706"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.claws-mail.org/news.php"
},
{
"name": "MDKSA-2007:107",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:107"
},
{
"name": "2007-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"name": "20070403 Re: APOP vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464569/100/0/threaded"
},
{
"name": "25894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25894"
},
{
"name": "20070615 rPSA-2007-0122-1 evolution-data-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471455/100/0/threaded"
},
{
"name": "ADV-2007-1939",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "26083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26083"
},
{
"name": "ADV-2007-1468",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1468"
},
{
"name": "RHSA-2009:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1140.html"
},
{
"name": "HPSBUX02156",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name": "20070531 FLEA-2007-0023-1: firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded"
},
{
"name": "26415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26415"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt"
},
{
"name": "[oss-security] 20090818 Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/18/1"
},
{
"name": "APPLE-SA-2007-05-24",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "SUSE-SR:2007:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
},
{
"name": "25402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25402"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "20070402 APOP vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464477/30/0/threaded"
},
{
"name": "SUSE-SA:2007:036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html"
},
{
"name": "GLSA-200706-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sylpheed.sraoss.jp/en/news.html"
},
{
"name": "25534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25534"
},
{
"name": "ADV-2007-1994",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1994"
},
{
"name": "SSA:2007-152-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857"
},
{
"name": "23257",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23257"
},
{
"name": "USN-469-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-469-1"
},
{
"name": "MDKSA-2007:131",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131"
},
{
"name": "DSA-1305",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1305"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1231"
},
{
"name": "ADV-2007-1467",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1467"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html"
},
{
"name": "ADV-2007-2788",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2788"
},
{
"name": "SSRT061236",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1424"
},
{
"name": "25664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25664"
},
{
"name": "MDKSA-2007:119",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119"
},
{
"name": "25546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25546"
},
{
"name": "RHSA-2007:0353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0353.html"
},
{
"name": "RHSA-2007:0385",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0385.html"
},
{
"name": "25858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25858"
},
{
"name": "25798",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25798"
},
{
"name": "25353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25353"
},
{
"name": "ADV-2008-0082",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0082"
},
{
"name": "[oss-security] 20090815 mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/15/1"
},
{
"name": "RHSA-2007:0401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0401.html"
},
{
"name": "2007-0019",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0019/"
},
{
"name": "25476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25476"
},
{
"name": "35699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35699"
},
{
"name": "MDKSA-2007:113",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
},
{
"name": "[balsa-list] 20070704 balsa-2.3.17 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "MDKSA-2007:105",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:105"
},
{
"name": "RHSA-2007:0386",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1232"
},
{
"name": "25750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25750"
},
{
"name": "20070619 FLEA-2007-0026-1: evolution-data-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471720/100/0/threaded"
},
{
"name": "DSA-1300",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1300"
},
{
"name": "25559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25559"
},
{
"name": "ADV-2007-1466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1466"
},
{
"name": "1018008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018008"
},
{
"name": "oval:org.mitre.oval:def:9782",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782"
},
{
"name": "20070602-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"name": "RHSA-2007:0402",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html"
},
{
"name": "ADV-2007-1480",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1480"
},
{
"name": "USN-520-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-520-1"
},
{
"name": "TA07-151A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html"
},
{
"name": "RHSA-2007:0344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0344.html"
},
{
"name": "20070620 FLEA-2007-0027-1: thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/471842/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://balsa.gnome.org/download.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25496"
},
{
"name": "25529",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25529"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=683706"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.claws-mail.org/news.php"
},
{
"name": "MDKSA-2007:107",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:107"
},
{
"name": "2007-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"name": "20070403 Re: APOP vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464569/100/0/threaded"
},
{
"name": "25894",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25894"
},
{
"name": "20070615 rPSA-2007-0122-1 evolution-data-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/471455/100/0/threaded"
},
{
"name": "ADV-2007-1939",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "26083",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26083"
},
{
"name": "ADV-2007-1468",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1468"
},
{
"name": "RHSA-2009:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1140.html"
},
{
"name": "HPSBUX02156",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name": "20070531 FLEA-2007-0023-1: firefox",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded"
},
{
"name": "26415",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26415"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt"
},
{
"name": "[oss-security] 20090818 Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/18/1"
},
{
"name": "APPLE-SA-2007-05-24",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "SUSE-SR:2007:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
},
{
"name": "25402",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25402"
},
{
"name": "HPSBUX02153",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "20070402 APOP vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464477/30/0/threaded"
},
{
"name": "SUSE-SA:2007:036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html"
},
{
"name": "GLSA-200706-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-06.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sylpheed.sraoss.jp/en/news.html"
},
{
"name": "25534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25534"
},
{
"name": "ADV-2007-1994",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1994"
},
{
"name": "SSA:2007-152-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857"
},
{
"name": "23257",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23257"
},
{
"name": "USN-469-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-469-1"
},
{
"name": "MDKSA-2007:131",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131"
},
{
"name": "DSA-1305",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1305"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1231"
},
{
"name": "ADV-2007-1467",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1467"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html"
},
{
"name": "ADV-2007-2788",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2788"
},
{
"name": "SSRT061236",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1424"
},
{
"name": "25664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25664"
},
{
"name": "MDKSA-2007:119",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119"
},
{
"name": "25546",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25546"
},
{
"name": "RHSA-2007:0353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0353.html"
},
{
"name": "RHSA-2007:0385",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0385.html"
},
{
"name": "25858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25858"
},
{
"name": "25798",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25798"
},
{
"name": "25353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25353"
},
{
"name": "ADV-2008-0082",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0082"
},
{
"name": "[oss-security] 20090815 mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/15/1"
},
{
"name": "RHSA-2007:0401",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0401.html"
},
{
"name": "2007-0019",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0019/"
},
{
"name": "25476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25476"
},
{
"name": "35699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35699"
},
{
"name": "MDKSA-2007:113",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
},
{
"name": "[balsa-list] 20070704 balsa-2.3.17 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html"
},
{
"name": "SSRT061181",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "MDKSA-2007:105",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:105"
},
{
"name": "RHSA-2007:0386",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1232"
},
{
"name": "25750",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25750"
},
{
"name": "20070619 FLEA-2007-0026-1: evolution-data-server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/471720/100/0/threaded"
},
{
"name": "DSA-1300",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1300"
},
{
"name": "25559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25559"
},
{
"name": "ADV-2007-1466",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1466"
},
{
"name": "1018008",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018008"
},
{
"name": "oval:org.mitre.oval:def:9782",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782"
},
{
"name": "20070602-01-P",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"name": "RHSA-2007:0402",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html"
},
{
"name": "ADV-2007-1480",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1480"
},
{
"name": "USN-520-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-520-1"
},
{
"name": "TA07-151A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html"
},
{
"name": "RHSA-2007:0344",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0344.html"
},
{
"name": "20070620 FLEA-2007-0027-1: thunderbird",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/471842/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://balsa.gnome.org/download.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25496"
},
{
"name": "25529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25529"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=683706",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=683706"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305530",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "http://www.claws-mail.org/news.php",
"refsource": "CONFIRM",
"url": "http://www.claws-mail.org/news.php"
},
{
"name": "MDKSA-2007:107",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:107"
},
{
"name": "2007-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"name": "20070403 Re: APOP vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464569/100/0/threaded"
},
{
"name": "25894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25894"
},
{
"name": "20070615 rPSA-2007-0122-1 evolution-data-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471455/100/0/threaded"
},
{
"name": "ADV-2007-1939",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "26083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26083"
},
{
"name": "ADV-2007-1468",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1468"
},
{
"name": "RHSA-2009:1140",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1140.html"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name": "20070531 FLEA-2007-0023-1: firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded"
},
{
"name": "26415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26415"
},
{
"name": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt",
"refsource": "CONFIRM",
"url": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt"
},
{
"name": "[oss-security] 20090818 Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/18/1"
},
{
"name": "APPLE-SA-2007-05-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "SUSE-SR:2007:014",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
},
{
"name": "25402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25402"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "20070402 APOP vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464477/30/0/threaded"
},
{
"name": "SUSE-SA:2007:036",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html"
},
{
"name": "GLSA-200706-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-06.xml"
},
{
"name": "http://sylpheed.sraoss.jp/en/news.html",
"refsource": "CONFIRM",
"url": "http://sylpheed.sraoss.jp/en/news.html"
},
{
"name": "25534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25534"
},
{
"name": "ADV-2007-1994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1994"
},
{
"name": "SSA:2007-152-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857"
},
{
"name": "23257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23257"
},
{
"name": "USN-469-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-469-1"
},
{
"name": "MDKSA-2007:131",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131"
},
{
"name": "DSA-1305",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1305"
},
{
"name": "https://issues.rpath.com/browse/RPL-1231",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1231"
},
{
"name": "ADV-2007-1467",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1467"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html"
},
{
"name": "ADV-2007-2788",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2788"
},
{
"name": "SSRT061236",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name": "https://issues.rpath.com/browse/RPL-1424",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1424"
},
{
"name": "25664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25664"
},
{
"name": "MDKSA-2007:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119"
},
{
"name": "25546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25546"
},
{
"name": "RHSA-2007:0353",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0353.html"
},
{
"name": "RHSA-2007:0385",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0385.html"
},
{
"name": "25858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25858"
},
{
"name": "25798",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25798"
},
{
"name": "25353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25353"
},
{
"name": "ADV-2008-0082",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0082"
},
{
"name": "[oss-security] 20090815 mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/15/1"
},
{
"name": "RHSA-2007:0401",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0401.html"
},
{
"name": "2007-0019",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0019/"
},
{
"name": "25476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25476"
},
{
"name": "35699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35699"
},
{
"name": "MDKSA-2007:113",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
},
{
"name": "[balsa-list] 20070704 balsa-2.3.17 released",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "MDKSA-2007:105",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:105"
},
{
"name": "RHSA-2007:0386",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1232",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1232"
},
{
"name": "25750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25750"
},
{
"name": "20070619 FLEA-2007-0026-1: evolution-data-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471720/100/0/threaded"
},
{
"name": "DSA-1300",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1300"
},
{
"name": "25559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25559"
},
{
"name": "ADV-2007-1466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1466"
},
{
"name": "1018008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018008"
},
{
"name": "oval:org.mitre.oval:def:9782",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782"
},
{
"name": "20070602-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"name": "RHSA-2007:0402",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html"
},
{
"name": "ADV-2007-1480",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1480"
},
{
"name": "USN-520-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-520-1"
},
{
"name": "TA07-151A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html"
},
{
"name": "RHSA-2007:0344",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0344.html"
},
{
"name": "20070620 FLEA-2007-0027-1: thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471842/100/0/threaded"
},
{
"name": "http://balsa.gnome.org/download.html",
"refsource": "CONFIRM",
"url": "http://balsa.gnome.org/download.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1558",
"datePublished": "2007-04-16T22:00:00.000Z",
"dateReserved": "2007-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:59:08.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2007-1558",
"date": "2026-05-30",
"epss": "0.1342",
"percentile": "0.94313"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2007-1558\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-16T22:19:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.\"},{\"lang\":\"es\",\"value\":\"El protocolo APOP permite a los atacantes remotos adivinar los primeros 3 caracteres de una contrase\u00f1a por medio de ataques de tipo man-in-the-middle (MITM) que utilizan ID de mensajes creados y colisiones MD5. NOTA: este problema a nivel de creaci\u00f3n afecta potencialmente a todos los productos que utilizan APOP, incluyendo (1) Thunderbird versi\u00f3n 1.x anterior a la versi\u00f3n 1.5.0.12 y versi\u00f3n 2.x anterior a la versi\u00f3n 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail anterior a la versi\u00f3n 6.3.8, (5) SeaMonkey versi\u00f3n 1.0.x anterior a la versi\u00f3n 1.0.9 y versi\u00f3n 1.1.x anterior a la versi\u00f3n 1.1.2, (6) Balsa versi\u00f3n 2.3.16 y anteriores, (7) Mailfilter anterior a la versi\u00f3n 0.8.2, y posiblemente otros productos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apop_protocol:apop_protocol:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35A32BC4-9BE2-429C-9D9A-BE4DF4CD9F77\"}]}]}],\"references\":[{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://balsa.gnome.org/download.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=305530\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2007/May/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25353\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25402\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25476\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25496\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25529\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25534\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25546\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25559\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25664\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25750\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25798\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25858\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25894\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26083\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26415\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/35699\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200706-06.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/forum/forum.php?forum_id=683706\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sylpheed.sraoss.jp/en/news.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.claws-mail.org/news.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1300\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1305\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:105\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:107\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:113\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:119\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:131\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mozilla.org/security/announce/2007/mfsa2007-15.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_14_sr.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_36_mozilla.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/08/15/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/08/18/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0344.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0353.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0385.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0386.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0401.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0402.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1140.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/464477/30/0/threaded\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/464569/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/470172/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471455/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471720/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/471842/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23257\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018008\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.trustix.org/errata/2007/0019/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.trustix.org/errata/2007/0024/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-469-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-520-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-151A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1466\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1467\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1468\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1480\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1939\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1994\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2788\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0082\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1231\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1232\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1424\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://balsa.gnome.org/download.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=305530\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2007/May/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25353\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25402\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25476\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25529\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25534\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25546\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25664\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25750\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25798\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26415\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35699\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200706-06.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/forum/forum.php?forum_id=683706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sylpheed.sraoss.jp/en/news.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.claws-mail.org/news.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1300\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:119\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:131\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mozilla.org/security/announce/2007/mfsa2007-15.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_14_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_36_mozilla.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/08/15/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/08/18/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0344.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0353.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0385.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0386.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0401.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0402.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2009-1140.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/464477/30/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/464569/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/470172/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471455/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471720/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/471842/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23257\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securitytracker.com/id?1018008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.trustix.org/errata/2007/0019/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.trustix.org/errata/2007/0024/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-469-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-520-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA07-151A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/1466\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/1994\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0082\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1424\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTA-2007-AVI-234
Vulnerability from certfr_avis - Published: 2007-05-30 - Updated: 2007-05-30
Plusieurs vulnérabilités ont été identifiées : elles concernent le système d'exploitation Mac OS X. L'exploitation de ces dernières peut avoir des conséquences variées, comme l'exécution de code arbitraire, ou un dysfonctionnement du système vulnérable.
Description
Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Mac OS X. Parmi celles-ci :
- Alias Manager : il existerait, sous certaines conditions, une incohérence sur les noms de fichier lorsque deux images disque sont montées. Cette vulnérabilité pourrait être exploitée pour faire ouvrir et/ou exécuter un fichier différent de celui demandé sur le système vulnérable ;
- BIND : plusieurs vulnérabilités ont été corrigées dans le serveur DNS pour Mac OS X. Elles sont semblables à celles décrites dans les avis CERTA-2006-AVI-385 et CERTA-2007-AVI-056 ;
- CoreGraphics : l'application ne manipulerait pas correctement certains fichiers au format PDF (pour Portable Document Format), pouvant entraîner l'exécution de commande arbitraire à distance ;
- crontabs : le gestionnaire de tâches pourrait perturber le système de fichiers monté dans le répertoire /tmp, par le biais du script de nettoyage journalier.
- fetchmail : une vulnérabilité présente dans fetchmail permettrait de récupérer tout ou partie d'un mot de passe échangé au cours de l'initialisation de la connexion POP3. Cette vulnérabilité est différente de celle décrite dans CERTA-2007-AVI-020.
- file : la commande file ne manipule pas correctement certains fichiers, ce qui peut provoquer l'interruption de la commande, voire l'exécution de code arbitraire sur le système vulnérable.
- iChat : l'application de messagerie instantanée ne gère pas correctement certains paquets UPnP IGD (pour Internet Gateway Device Standardized Device Control Protocol). Une personne malveillante distante peut ainsi exploiter cette vulnérabilité en envoyant un paquet spécialement construit, afin de perturber l'application ou d'exécuter du code arbitraire à distance.
- mDNSResponder : le problème est identique à celui présenté pour iChat mais n'affecterait que les versions au moins équivalentes à Mac OS X v10.4 ;
- PPP : le démon PPP ne chargerait pas correctement certains modules au cours de son lancement en ligne de commandes, ce qui permettrait à une personne malveillante locale d'élever ses privilèges sur le système vulnérable ;
- ruby : les vulnérabilités corrigées ont été présentées dans l'avis CERTA-2006-AVI-562 ;
- screen : le service GNU Screen auraient plusieurs vulnérabilités exploitables par la ligne de commande screen, et qui provoqueraient sous certaines conditions un déni de service.
- texinfo : une vulnérabilité permettrait d'élever ses privilèges à ceux de l'utilisateur utilisant texinfo afin de créer ou d'écraser des fichiers d'accès limité.
- VPN : le démon vpnd ne manipulerait pas correctement certaines chaînes de caractères, permettant à un utilisateur local d'élever ses privilèges à ceux du système et d'exécuter du code arbitraire sur la machine.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple Mac OS X Server v10.3.9 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Mac OS X v10.4.9 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Mac OS X v10.3.9 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Mac OS X Server v10.4.9.",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le syst\u00e8me\nd\u0027exploitation Mac OS X. Parmi celles-ci :\n\n- Alias Manager : il existerait, sous certaines conditions, une\n incoh\u00e9rence sur les noms de fichier lorsque deux images disque sont\n mont\u00e9es. Cette vuln\u00e9rabilit\u00e9 pourrait \u00eatre exploit\u00e9e pour faire\n ouvrir et/ou ex\u00e9cuter un fichier diff\u00e9rent de celui demand\u00e9 sur le\n syst\u00e8me vuln\u00e9rable ;\n- BIND : plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le serveur\n DNS pour Mac OS X. Elles sont semblables \u00e0 celles d\u00e9crites dans les\n avis CERTA-2006-AVI-385 et CERTA-2007-AVI-056 ;\n- CoreGraphics : l\u0027application ne manipulerait pas correctement\n certains fichiers au format PDF (pour Portable Document Format),\n pouvant entra\u00eener l\u0027ex\u00e9cution de commande arbitraire \u00e0 distance ;\n- crontabs : le gestionnaire de t\u00e2ches pourrait perturber le syst\u00e8me\n de fichiers mont\u00e9 dans le r\u00e9pertoire /tmp, par le biais du script de\n nettoyage journalier.\n- fetchmail : une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans fetchmail permettrait de\n r\u00e9cup\u00e9rer tout ou partie d\u0027un mot de passe \u00e9chang\u00e9 au cours de\n l\u0027initialisation de la connexion POP3. Cette vuln\u00e9rabilit\u00e9 est\n diff\u00e9rente de celle d\u00e9crite dans CERTA-2007-AVI-020.\n- file : la commande file ne manipule pas correctement certains\n fichiers, ce qui peut provoquer l\u0027interruption de la commande, voire\n l\u0027ex\u00e9cution de code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n- iChat : l\u0027application de messagerie instantan\u00e9e ne g\u00e8re pas\n correctement certains paquets UPnP IGD (pour Internet Gateway Device\n Standardized Device Control Protocol). Une personne malveillante\n distante peut ainsi exploiter cette vuln\u00e9rabilit\u00e9 en envoyant un\n paquet sp\u00e9cialement construit, afin de perturber l\u0027application ou\n d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n- mDNSResponder : le probl\u00e8me est identique \u00e0 celui pr\u00e9sent\u00e9 pour\n iChat mais n\u0027affecterait que les versions au moins \u00e9quivalentes \u00e0\n Mac OS X v10.4 ;\n- PPP : le d\u00e9mon PPP ne chargerait pas correctement certains modules\n au cours de son lancement en ligne de commandes, ce qui permettrait\n \u00e0 une personne malveillante locale d\u0027\u00e9lever ses privil\u00e8ges sur le\n syst\u00e8me vuln\u00e9rable ;\n- ruby : les vuln\u00e9rabilit\u00e9s corrig\u00e9es ont \u00e9t\u00e9 pr\u00e9sent\u00e9es dans l\u0027avis\n CERTA-2006-AVI-562 ;\n- screen : le service GNU Screen auraient plusieurs vuln\u00e9rabilit\u00e9s\n exploitables par la ligne de commande screen, et qui provoqueraient\n sous certaines conditions un d\u00e9ni de service.\n- texinfo : une vuln\u00e9rabilit\u00e9 permettrait d\u0027\u00e9lever ses privil\u00e8ges \u00e0\n ceux de l\u0027utilisateur utilisant texinfo afin de cr\u00e9er ou d\u0027\u00e9craser\n des fichiers d\u0027acc\u00e8s limit\u00e9.\n- VPN : le d\u00e9mon vpnd ne manipulerait pas correctement certaines\n cha\u00eenes de caract\u00e8res, permettant \u00e0 un utilisateur local d\u0027\u00e9lever\n ses privil\u00e8ges \u00e0 ceux du syst\u00e8me et d\u0027ex\u00e9cuter du code arbitraire\n sur la machine.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-5467",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5467"
},
{
"name": "CVE-2007-1558",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1558"
},
{
"name": "CVE-2006-6303",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-6303"
},
{
"name": "CVE-2007-0751",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0751"
},
{
"name": "CVE-2007-1536",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1536"
},
{
"name": "CVE-2007-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0494"
},
{
"name": "CVE-2006-4096",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4096"
},
{
"name": "CVE-2007-2386",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2386"
},
{
"name": "CVE-2007-4573",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4573"
},
{
"name": "CVE-2007-0493",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0493"
},
{
"name": "CVE-2007-0752",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0752"
},
{
"name": "CVE-2007-0750",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0750"
},
{
"name": "CVE-2007-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2390"
},
{
"name": "CVE-2007-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0740"
},
{
"name": "CVE-2006-4095",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4095"
},
{
"name": "CVE-2007-0753",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0753"
},
{
"name": "CVE-2005-3011",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3011"
}
],
"initial_release_date": "2007-05-30T00:00:00",
"last_revision_date": "2007-05-30T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple du 29 mai 2007 :",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"title": "Message dans la liste de diffusion GNU concernant GNU Screen paru en octobre 2006 :",
"url": "http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html"
},
{
"title": "Avis de s\u00e9curit\u00e9 Fetchmail associ\u00e9 SA-2007-01 du 18 mars 2007 :",
"url": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt"
}
],
"reference": "CERTA-2007-AVI-234",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-05-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es : elles concernent le\nsyst\u00e8me d\u0027exploitation Mac OS X. L\u0027exploitation de ces derni\u00e8res peut\navoir des cons\u00e9quences vari\u00e9es, comme l\u0027ex\u00e9cution de code arbitraire, ou\nun dysfonctionnement du syst\u00e8me vuln\u00e9rable.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis de s\u00e9curit\u00e9 Apple 2007-005 305530 du 29 mai 2007",
"url": null
}
]
}
CERTA-2007-AVI-245
Vulnerability from certfr_avis - Published: 2007-06-01 - Updated: 2007-06-01None
Description
De nombreuses vulnérabilités dans les produits Mozilla permettent à un utilisateur distant malintentionné de provoquer un déni de service, d'exécuter du code arbitraire ou de porter atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Mozilla Firefox 2.x ; | ||
| Mozilla | Thunderbird | Mozilla Thunderbird 2.x ; | ||
| Mozilla | Firefox | Mozilla Firefox 1.5.x ; | ||
| Mozilla | Thunderbird | Mozilla Thunderbird 1.5.x ; | ||
| Mozilla | N/A | Mozilla SeaMonkey 1.x. |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Mozilla Firefox 2.x ;",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Thunderbird 2.x ;",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Firefox 1.5.x ;",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla Thunderbird 1.5.x ;",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Mozilla SeaMonkey 1.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s dans les produits Mozilla permettent \u00e0 un\nutilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni de service,\nd\u0027ex\u00e9cuter du code arbitraire ou de porter atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2867"
},
{
"name": "CVE-2007-1558",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1558"
},
{
"name": "CVE-2007-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2870"
},
{
"name": "CVE-2007-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2868"
},
{
"name": "CVE-2007-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2871"
},
{
"name": "CVE-2007-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2869"
},
{
"name": "CVE-2007-1362",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1362"
}
],
"initial_release_date": "2007-06-01T00:00:00",
"last_revision_date": "2007-06-01T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA_2007-13 du 30 mai 2007 :",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-13.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA_2007-14 du 30 mai 2007 :",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-14.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0402 du 30 mai 2007 :",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0402.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA_2007-12 du 30 mai 2007 :",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-12.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA_2007-17 du 30 mai 2007 :",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-17.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0400 du 30 mai 2007 :",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0400.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0401 du 30 mai 2007 :",
"url": "http://rhn.redhat.com/errata/RHSA-2007-0401.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA_2007-16 du 30 mai 2007 :",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-16.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla MFSA_2007-15 du 30 mai 2007 :",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html"
}
],
"reference": "CERTA-2007-AVI-245",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-06-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 Mozilla du 30 mai 2007",
"url": null
}
]
}
FKIE_CVE-2007-1558
Vulnerability from fkie_nvd - Published: 2007-04-16 22:19 - Updated: 2026-04-23 00:35
Severity
Summary
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc | ||
| cve@mitre.org | http://balsa.gnome.org/download.html | ||
| cve@mitre.org | http://docs.info.apple.com/article.html?artnum=305530 | ||
| cve@mitre.org | http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt | ||
| cve@mitre.org | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 | ||
| cve@mitre.org | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2007/May/msg00004.html | ||
| cve@mitre.org | http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html | ||
| cve@mitre.org | http://secunia.com/advisories/25353 | ||
| cve@mitre.org | http://secunia.com/advisories/25402 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/25476 | ||
| cve@mitre.org | http://secunia.com/advisories/25496 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/25529 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/25534 | ||
| cve@mitre.org | http://secunia.com/advisories/25546 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/25559 | ||
| cve@mitre.org | http://secunia.com/advisories/25664 | ||
| cve@mitre.org | http://secunia.com/advisories/25750 | ||
| cve@mitre.org | http://secunia.com/advisories/25798 | ||
| cve@mitre.org | http://secunia.com/advisories/25858 | ||
| cve@mitre.org | http://secunia.com/advisories/25894 | ||
| cve@mitre.org | http://secunia.com/advisories/26083 | ||
| cve@mitre.org | http://secunia.com/advisories/26415 | ||
| cve@mitre.org | http://secunia.com/advisories/35699 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200706-06.xml | ||
| cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 | ||
| cve@mitre.org | http://sourceforge.net/forum/forum.php?forum_id=683706 | ||
| cve@mitre.org | http://sylpheed.sraoss.jp/en/news.html | ||
| cve@mitre.org | http://www.claws-mail.org/news.php | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1300 | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1305 | Patch | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:105 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:107 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:113 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:119 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:131 | ||
| cve@mitre.org | http://www.mozilla.org/security/announce/2007/mfsa2007-15.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_14_sr.html | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_36_mozilla.html | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2009/08/15/1 | ||
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2009/08/18/1 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0344.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0353.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0385.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0386.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0401.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2007-0402.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-1140.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/464477/30/0/threaded | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/464569/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/470172/100/200/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/471455/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/471720/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/471842/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/23257 | Patch | |
| cve@mitre.org | http://www.securitytracker.com/id?1018008 | ||
| cve@mitre.org | http://www.trustix.org/errata/2007/0019/ | ||
| cve@mitre.org | http://www.trustix.org/errata/2007/0024/ | ||
| cve@mitre.org | http://www.ubuntu.com/usn/usn-469-1 | ||
| cve@mitre.org | http://www.ubuntu.com/usn/usn-520-1 | ||
| cve@mitre.org | http://www.us-cert.gov/cas/techalerts/TA07-151A.html | US Government Resource | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/1466 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/1467 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/1468 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/1480 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/1939 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/1994 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/2788 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/0082 | ||
| cve@mitre.org | https://issues.rpath.com/browse/RPL-1231 | ||
| cve@mitre.org | https://issues.rpath.com/browse/RPL-1232 | ||
| cve@mitre.org | https://issues.rpath.com/browse/RPL-1424 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782 | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://balsa.gnome.org/download.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=305530 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2007/May/msg00004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25353 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25402 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25476 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25496 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25529 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25534 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25546 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25559 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25664 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25750 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25798 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25858 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25894 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26083 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26415 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35699 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200706-06.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/forum/forum.php?forum_id=683706 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sylpheed.sraoss.jp/en/news.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.claws-mail.org/news.php | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1300 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1305 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:105 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:113 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:119 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:131 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mozilla.org/security/announce/2007/mfsa2007-15.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_14_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_36_mozilla.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/08/15/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/08/18/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0344.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0353.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0385.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0386.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0401.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2007-0402.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1140.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/464477/30/0/threaded | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/464569/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/470172/100/200/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/471455/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/471720/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/471842/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/23257 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018008 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.trustix.org/errata/2007/0019/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.trustix.org/errata/2007/0024/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-469-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-520-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA07-151A.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1466 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1467 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1468 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1480 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1939 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/1994 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2788 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0082 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1231 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1232 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1424 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apop_protocol | apop_protocol | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apop_protocol:apop_protocol:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35A32BC4-9BE2-429C-9D9A-BE4DF4CD9F77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products."
},
{
"lang": "es",
"value": "El protocolo APOP permite a los atacantes remotos adivinar los primeros 3 caracteres de una contrase\u00f1a por medio de ataques de tipo man-in-the-middle (MITM) que utilizan ID de mensajes creados y colisiones MD5. NOTA: este problema a nivel de creaci\u00f3n afecta potencialmente a todos los productos que utilizan APOP, incluyendo (1) Thunderbird versi\u00f3n 1.x anterior a la versi\u00f3n 1.5.0.12 y versi\u00f3n 2.x anterior a la versi\u00f3n 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail anterior a la versi\u00f3n 6.3.8, (5) SeaMonkey versi\u00f3n 1.0.x anterior a la versi\u00f3n 1.0.9 y versi\u00f3n 1.1.x anterior a la versi\u00f3n 1.1.2, (6) Balsa versi\u00f3n 2.3.16 y anteriores, (7) Mailfilter anterior a la versi\u00f3n 0.8.2, y posiblemente otros productos."
}
],
"id": "CVE-2007-1558",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-16T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"source": "cve@mitre.org",
"url": "http://balsa.gnome.org/download.html"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"source": "cve@mitre.org",
"url": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt"
},
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "cve@mitre.org",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25353"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25402"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25476"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25496"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25529"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25534"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25546"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25559"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25664"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25750"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25798"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25858"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25894"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26083"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26415"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35699"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200706-06.xml"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/forum/forum.php?forum_id=683706"
},
{
"source": "cve@mitre.org",
"url": "http://sylpheed.sraoss.jp/en/news.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.claws-mail.org/news.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1300"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2007/dsa-1305"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:105"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:107"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/08/15/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/08/18/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0344.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0353.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0385.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0401.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1140.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/464477/30/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/464569/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/471455/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/471720/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/471842/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/23257"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018008"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0019/"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-469-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-520-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1466"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1467"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1468"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1480"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1994"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2788"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0082"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1231"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1232"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1424"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://balsa.gnome.org/download.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25402"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200706-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/forum/forum.php?forum_id=683706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sylpheed.sraoss.jp/en/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.claws-mail.org/news.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1300"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2007/dsa-1305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/08/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/08/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0344.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0353.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0385.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0401.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1140.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/464477/30/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/464569/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/471455/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/471720/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/471842/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/23257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0019/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-469-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-520-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-JMH6-7C53-FG26
Vulnerability from github – Published: 2022-05-03 03:18 – Updated: 2022-05-03 03:18
VLAI
Details
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
{
"affected": [],
"aliases": [
"CVE-2007-1558"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2007-04-16T22:19:00Z",
"severity": "LOW"
},
"details": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.",
"id": "GHSA-jmh6-7c53-fg26",
"modified": "2022-05-03T03:18:06Z",
"published": "2022-05-03T03:18:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1558"
},
{
"type": "WEB",
"url": "https://issues.rpath.com/browse/RPL-1231"
},
{
"type": "WEB",
"url": "https://issues.rpath.com/browse/RPL-1232"
},
{
"type": "WEB",
"url": "https://issues.rpath.com/browse/RPL-1424"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782"
},
{
"type": "WEB",
"url": "http://balsa.gnome.org/download.html"
},
{
"type": "WEB",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"type": "WEB",
"url": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt"
},
{
"type": "WEB",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"type": "WEB",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"type": "WEB",
"url": "http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25353"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25402"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25476"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25496"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25529"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25534"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25546"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25559"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25664"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25750"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25798"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25858"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25894"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/26083"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/26415"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/35699"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-200706-06.xml"
},
{
"type": "WEB",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857"
},
{
"type": "WEB",
"url": "http://sourceforge.net/forum/forum.php?forum_id=683706"
},
{
"type": "WEB",
"url": "http://sylpheed.sraoss.jp/en/news.html"
},
{
"type": "WEB",
"url": "http://www.claws-mail.org/news.php"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2007/dsa-1300"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2007/dsa-1305"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:105"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:107"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2009/08/15/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2009/08/18/1"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0344.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0353.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0385.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0401.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1140.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/464477/30/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/464569/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/471455/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/471720/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/471842/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/23257"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1018008"
},
{
"type": "WEB",
"url": "http://www.trustix.org/errata/2007/0019"
},
{
"type": "WEB",
"url": "http://www.trustix.org/errata/2007/0024"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-469-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-520-1"
},
{
"type": "WEB",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1466"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1467"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1468"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1480"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/1994"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/2788"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2008/0082"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2007-1558
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2007-1558",
"description": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.",
"id": "GSD-2007-1558",
"references": [
"https://www.suse.com/security/cve/CVE-2007-1558.html",
"https://www.debian.org/security/2007/dsa-1305",
"https://www.debian.org/security/2007/dsa-1300",
"https://access.redhat.com/errata/RHSA-2009:1140",
"https://access.redhat.com/errata/RHSA-2007:0402",
"https://access.redhat.com/errata/RHSA-2007:0401",
"https://access.redhat.com/errata/RHSA-2007:0386",
"https://access.redhat.com/errata/RHSA-2007:0385",
"https://access.redhat.com/errata/RHSA-2007:0353",
"https://access.redhat.com/errata/RHSA-2007:0344",
"https://linux.oracle.com/cve/CVE-2007-1558.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2007-1558"
],
"details": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.",
"id": "GSD-2007-1558",
"modified": "2023-12-13T01:21:39.363392Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25496"
},
{
"name": "25529",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25529"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=683706",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=683706"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305530",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "http://www.claws-mail.org/news.php",
"refsource": "CONFIRM",
"url": "http://www.claws-mail.org/news.php"
},
{
"name": "MDKSA-2007:107",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:107"
},
{
"name": "2007-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"name": "20070403 Re: APOP vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464569/100/0/threaded"
},
{
"name": "25894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25894"
},
{
"name": "20070615 rPSA-2007-0122-1 evolution-data-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471455/100/0/threaded"
},
{
"name": "ADV-2007-1939",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "26083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26083"
},
{
"name": "ADV-2007-1468",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1468"
},
{
"name": "RHSA-2009:1140",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1140.html"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name": "20070531 FLEA-2007-0023-1: firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded"
},
{
"name": "26415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26415"
},
{
"name": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt",
"refsource": "CONFIRM",
"url": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt"
},
{
"name": "[oss-security] 20090818 Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/18/1"
},
{
"name": "APPLE-SA-2007-05-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "SUSE-SR:2007:014",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
},
{
"name": "25402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25402"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "20070402 APOP vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464477/30/0/threaded"
},
{
"name": "SUSE-SA:2007:036",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html"
},
{
"name": "GLSA-200706-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-06.xml"
},
{
"name": "http://sylpheed.sraoss.jp/en/news.html",
"refsource": "CONFIRM",
"url": "http://sylpheed.sraoss.jp/en/news.html"
},
{
"name": "25534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25534"
},
{
"name": "ADV-2007-1994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1994"
},
{
"name": "SSA:2007-152-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857"
},
{
"name": "23257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23257"
},
{
"name": "USN-469-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-469-1"
},
{
"name": "MDKSA-2007:131",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131"
},
{
"name": "DSA-1305",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1305"
},
{
"name": "https://issues.rpath.com/browse/RPL-1231",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1231"
},
{
"name": "ADV-2007-1467",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1467"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html"
},
{
"name": "ADV-2007-2788",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2788"
},
{
"name": "SSRT061236",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name": "https://issues.rpath.com/browse/RPL-1424",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1424"
},
{
"name": "25664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25664"
},
{
"name": "MDKSA-2007:119",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119"
},
{
"name": "25546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25546"
},
{
"name": "RHSA-2007:0353",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0353.html"
},
{
"name": "RHSA-2007:0385",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0385.html"
},
{
"name": "25858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25858"
},
{
"name": "25798",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25798"
},
{
"name": "25353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25353"
},
{
"name": "ADV-2008-0082",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0082"
},
{
"name": "[oss-security] 20090815 mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/15/1"
},
{
"name": "RHSA-2007:0401",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0401.html"
},
{
"name": "2007-0019",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0019/"
},
{
"name": "25476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25476"
},
{
"name": "35699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35699"
},
{
"name": "MDKSA-2007:113",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
},
{
"name": "[balsa-list] 20070704 balsa-2.3.17 released",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html"
},
{
"name": "SSRT061181",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "MDKSA-2007:105",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:105"
},
{
"name": "RHSA-2007:0386",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1232",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1232"
},
{
"name": "25750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25750"
},
{
"name": "20070619 FLEA-2007-0026-1: evolution-data-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471720/100/0/threaded"
},
{
"name": "DSA-1300",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1300"
},
{
"name": "25559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25559"
},
{
"name": "ADV-2007-1466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1466"
},
{
"name": "1018008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018008"
},
{
"name": "oval:org.mitre.oval:def:9782",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782"
},
{
"name": "20070602-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"name": "RHSA-2007:0402",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html"
},
{
"name": "ADV-2007-1480",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1480"
},
{
"name": "USN-520-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-520-1"
},
{
"name": "TA07-151A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html"
},
{
"name": "RHSA-2007:0344",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0344.html"
},
{
"name": "20070620 FLEA-2007-0027-1: thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/471842/100/0/threaded"
},
{
"name": "http://balsa.gnome.org/download.html",
"refsource": "CONFIRM",
"url": "http://balsa.gnome.org/download.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apop_protocol:apop_protocol:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1558"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070402 APOP vulnerability",
"refsource": "BUGTRAQ",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/464477/30/0/threaded"
},
{
"name": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt",
"refsource": "CONFIRM",
"tags": [],
"url": "http://fetchmail.berlios.de/fetchmail-SA-2007-01.txt"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=683706",
"refsource": "CONFIRM",
"tags": [],
"url": "http://sourceforge.net/forum/forum.php?forum_id=683706"
},
{
"name": "http://sylpheed.sraoss.jp/en/news.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://sylpheed.sraoss.jp/en/news.html"
},
{
"name": "http://www.claws-mail.org/news.php",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.claws-mail.org/news.php"
},
{
"name": "23257",
"refsource": "BID",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/23257"
},
{
"name": "RHSA-2007:0353",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0353.html"
},
{
"name": "1018008",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1018008"
},
{
"name": "[balsa-list] 20070704 balsa-2.3.17 released",
"refsource": "MLIST",
"tags": [],
"url": "http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html"
},
{
"name": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.mozilla.org/security/announce/2007/mfsa2007-15.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1424",
"refsource": "CONFIRM",
"tags": [],
"url": "https://issues.rpath.com/browse/RPL-1424"
},
{
"name": "https://issues.rpath.com/browse/RPL-1232",
"refsource": "CONFIRM",
"tags": [],
"url": "https://issues.rpath.com/browse/RPL-1232"
},
{
"name": "https://issues.rpath.com/browse/RPL-1231",
"refsource": "CONFIRM",
"tags": [],
"url": "https://issues.rpath.com/browse/RPL-1231"
},
{
"name": "http://balsa.gnome.org/download.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://balsa.gnome.org/download.html"
},
{
"name": "APPLE-SA-2007-05-24",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html"
},
{
"name": "DSA-1300",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2007/dsa-1300"
},
{
"name": "DSA-1305",
"refsource": "DEBIAN",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2007/dsa-1305"
},
{
"name": "GLSA-200706-06",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-200706-06.xml"
},
{
"name": "MDKSA-2007:105",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:105"
},
{
"name": "MDKSA-2007:107",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:107"
},
{
"name": "MDKSA-2007:113",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:113"
},
{
"name": "MDKSA-2007:119",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:119"
},
{
"name": "MDKSA-2007:131",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:131"
},
{
"name": "RHSA-2007:0344",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0344.html"
},
{
"name": "RHSA-2007:0386",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0386.html"
},
{
"name": "RHSA-2007:0385",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0385.html"
},
{
"name": "RHSA-2007:0401",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0401.html"
},
{
"name": "RHSA-2007:0402",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0402.html"
},
{
"name": "20070602-01-P",
"refsource": "SGI",
"tags": [],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc"
},
{
"name": "SSA:2007-152-02",
"refsource": "SLACKWARE",
"tags": [],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.571857"
},
{
"name": "SUSE-SA:2007:036",
"refsource": "SUSE",
"tags": [],
"url": "http://www.novell.com/linux/security/advisories/2007_36_mozilla.html"
},
{
"name": "SUSE-SR:2007:014",
"refsource": "SUSE",
"tags": [],
"url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
},
{
"name": "2007-0019",
"refsource": "TRUSTIX",
"tags": [],
"url": "http://www.trustix.org/errata/2007/0019/"
},
{
"name": "2007-0024",
"refsource": "TRUSTIX",
"tags": [],
"url": "http://www.trustix.org/errata/2007/0024/"
},
{
"name": "USN-469-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-469-1"
},
{
"name": "USN-520-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/usn-520-1"
},
{
"name": "TA07-151A",
"refsource": "CERT",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html"
},
{
"name": "25353",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/25353"
},
{
"name": "25402",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25402"
},
{
"name": "25476",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/25476"
},
{
"name": "25529",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25529"
},
{
"name": "25546",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25546"
},
{
"name": "25496",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25496"
},
{
"name": "25559",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/25559"
},
{
"name": "25534",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/25534"
},
{
"name": "25664",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/25664"
},
{
"name": "25750",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/25750"
},
{
"name": "25798",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/25798"
},
{
"name": "25894",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/25894"
},
{
"name": "26083",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/26083"
},
{
"name": "26415",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/26415"
},
{
"name": "25858",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/25858"
},
{
"name": "RHSA-2009:1140",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1140.html"
},
{
"name": "35699",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/35699"
},
{
"name": "[oss-security] 20090818 Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP))",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2009/08/18/1"
},
{
"name": "[oss-security] 20090815 mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2009/08/15/1"
},
{
"name": "HPSBUX02153",
"refsource": "HP",
"tags": [],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742"
},
{
"name": "HPSBUX02156",
"refsource": "HP",
"tags": [],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579"
},
{
"name": "ADV-2007-1466",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/1466"
},
{
"name": "ADV-2007-1939",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/1939"
},
{
"name": "ADV-2007-1467",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/1467"
},
{
"name": "ADV-2007-2788",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/2788"
},
{
"name": "ADV-2008-0082",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/0082"
},
{
"name": "ADV-2007-1994",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/1994"
},
{
"name": "ADV-2007-1480",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/1480"
},
{
"name": "ADV-2007-1468",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/1468"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=305530",
"refsource": "CONFIRM",
"tags": [],
"url": "http://docs.info.apple.com/article.html?artnum=305530"
},
{
"name": "oval:org.mitre.oval:def:9782",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782"
},
{
"name": "20070620 FLEA-2007-0027-1: thunderbird",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/471842/100/0/threaded"
},
{
"name": "20070619 FLEA-2007-0026-1: evolution-data-server",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/471720/100/0/threaded"
},
{
"name": "20070615 rPSA-2007-0122-1 evolution-data-server",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/471455/100/0/threaded"
},
{
"name": "20070531 FLEA-2007-0023-1: firefox",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/470172/100/200/threaded"
},
{
"name": "20070403 Re: APOP vulnerability",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/464569/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-16T16:39Z",
"publishedDate": "2007-04-16T22:19Z"
}
}
}
JVNDB-2007-000295
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2009-08-06 11:39Summary
APOP password recovery vulnerability
Details
POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.
It is reported that APOP passwords could be recovered by third parties.
In its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.
References
| Type | URL | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
"dc:date": "2009-08-06T11:39+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2009-08-06T11:39+09:00",
"description": "POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.\r\n\r\nIt is reported that APOP passwords could be recovered by third parties.\r\n\r\nIn its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
"sec:cpe": [
{
"#text": "cpe:/a:claws_mail:claws_mail",
"@product": "Claws Mail",
"@vendor": "Claws Mail",
"@version": "2.2"
},
{
"#text": "cpe:/a:fetchmail:fetchmail",
"@product": "Fetchmail",
"@vendor": "Fetchmail Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:mozilla:seamonkey",
"@product": "Mozilla SeaMonkey",
"@vendor": "mozilla.org contributors",
"@version": "2.2"
},
{
"#text": "cpe:/a:mozilla:thunderbird",
"@product": "Mozilla Thunderbird",
"@vendor": "mozilla.org contributors",
"@version": "2.2"
},
{
"#text": "cpe:/a:mutt:mutt",
"@product": "Mutt",
"@vendor": "Mutt",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_optional_productivity_applications",
"@product": "RHEL Optional Productivity Applications",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sylpheed:sylpheed",
"@product": "Sylpheed",
"@vendor": "Sylpheed",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_eus",
"@product": "Red Hat Enterprise Linux EUS",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux",
"@product": "Turbolinux",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_desktop",
"@product": "Turbolinux Desktop",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_fuji",
"@product": "Turbolinux FUJI",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_home",
"@product": "Turbolinux Home",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_multimedia",
"@product": "Turbolinux Multimedia",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_personal",
"@product": "Turbolinux Personal",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_server",
"@product": "Turbolinux Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_wizpy",
"@product": "wizpy",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000295",
"sec:references": [
{
"#text": "http://jvn.jp/cert/JVNTA07-151A/index.html",
"@id": "JVNTA07-151A",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN19445002/index.html",
"@id": "JVN#19445002",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/tr/TRTA07-151A/index.html",
"@id": "TRTA07-151A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558",
"@id": "CVE-2007-1558",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558",
"@id": "CVE-2007-1558",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA07-151A.html",
"@id": "SA07-151A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html",
"@id": "TA07-151A",
"@source": "CERT-TA"
},
{
"#text": "http://www.securityfocus.com/bid/23257",
"@id": "23257",
"@source": "BID"
},
{
"#text": "http://www.securitytracker.com/id?1018008",
"@id": "1018008",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1466",
"@id": "FrSIRT/ADV-2007-1466",
"@source": "FRSIRT"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1480",
"@id": "FrSIRT/ADV-2007-1480",
"@source": "FRSIRT"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1468",
"@id": "FrSIRT/ADV-2007-1468",
"@source": "FRSIRT"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1467",
"@id": "FrSIRT/ADV-2007-1467",
"@source": "FRSIRT"
},
{
"#text": "http://www.ietf.org/rfc/rfc1939.txt",
"@id": "RFC1939:Post Office Protocol - Version 3",
"@source": "IETF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "APOP password recovery vulnerability"
}
OPENSUSE-SU-2024:10686-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
claws-mail-4.0.0-2.5 on GA media
Severity
Moderate
Notes
Title of the patch: claws-mail-4.0.0-2.5 on GA media
Description of the patch: These are all security issues fixed in the claws-mail-4.0.0-2.5 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10686
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
9.8 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
12 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2007-1558/ | self |
| https://www.suse.com/security/cve/CVE-2020-15917/ | self |
| https://www.suse.com/security/cve/CVE-2007-1558 | external |
| https://bugzilla.suse.com/262450 | external |
| https://bugzilla.suse.com/271197 | external |
| https://bugzilla.suse.com/279843 | external |
| https://bugzilla.suse.com/281321 | external |
| https://bugzilla.suse.com/281323 | external |
| https://www.suse.com/security/cve/CVE-2020-15917 | external |
| https://bugzilla.suse.com/1174457 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "claws-mail-4.0.0-2.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the claws-mail-4.0.0-2.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10686",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10686-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-1558 page",
"url": "https://www.suse.com/security/cve/CVE-2007-1558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15917 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15917/"
}
],
"title": "claws-mail-4.0.0-2.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10686-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-4.0.0-2.5.aarch64",
"product": {
"name": "claws-mail-4.0.0-2.5.aarch64",
"product_id": "claws-mail-4.0.0-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-4.0.0-2.5.aarch64",
"product": {
"name": "claws-mail-devel-4.0.0-2.5.aarch64",
"product_id": "claws-mail-devel-4.0.0-2.5.aarch64"
}
},
{
"category": "product_version",
"name": "claws-mail-lang-4.0.0-2.5.aarch64",
"product": {
"name": "claws-mail-lang-4.0.0-2.5.aarch64",
"product_id": "claws-mail-lang-4.0.0-2.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-4.0.0-2.5.ppc64le",
"product": {
"name": "claws-mail-4.0.0-2.5.ppc64le",
"product_id": "claws-mail-4.0.0-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-4.0.0-2.5.ppc64le",
"product": {
"name": "claws-mail-devel-4.0.0-2.5.ppc64le",
"product_id": "claws-mail-devel-4.0.0-2.5.ppc64le"
}
},
{
"category": "product_version",
"name": "claws-mail-lang-4.0.0-2.5.ppc64le",
"product": {
"name": "claws-mail-lang-4.0.0-2.5.ppc64le",
"product_id": "claws-mail-lang-4.0.0-2.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-4.0.0-2.5.s390x",
"product": {
"name": "claws-mail-4.0.0-2.5.s390x",
"product_id": "claws-mail-4.0.0-2.5.s390x"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-4.0.0-2.5.s390x",
"product": {
"name": "claws-mail-devel-4.0.0-2.5.s390x",
"product_id": "claws-mail-devel-4.0.0-2.5.s390x"
}
},
{
"category": "product_version",
"name": "claws-mail-lang-4.0.0-2.5.s390x",
"product": {
"name": "claws-mail-lang-4.0.0-2.5.s390x",
"product_id": "claws-mail-lang-4.0.0-2.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "claws-mail-4.0.0-2.5.x86_64",
"product": {
"name": "claws-mail-4.0.0-2.5.x86_64",
"product_id": "claws-mail-4.0.0-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "claws-mail-devel-4.0.0-2.5.x86_64",
"product": {
"name": "claws-mail-devel-4.0.0-2.5.x86_64",
"product_id": "claws-mail-devel-4.0.0-2.5.x86_64"
}
},
{
"category": "product_version",
"name": "claws-mail-lang-4.0.0-2.5.x86_64",
"product": {
"name": "claws-mail-lang-4.0.0-2.5.x86_64",
"product_id": "claws-mail-lang-4.0.0-2.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-4.0.0-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64"
},
"product_reference": "claws-mail-4.0.0-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-4.0.0-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le"
},
"product_reference": "claws-mail-4.0.0-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-4.0.0-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x"
},
"product_reference": "claws-mail-4.0.0-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-4.0.0-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64"
},
"product_reference": "claws-mail-4.0.0-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-4.0.0-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64"
},
"product_reference": "claws-mail-devel-4.0.0-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-4.0.0-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le"
},
"product_reference": "claws-mail-devel-4.0.0-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-4.0.0-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x"
},
"product_reference": "claws-mail-devel-4.0.0-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-devel-4.0.0-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64"
},
"product_reference": "claws-mail-devel-4.0.0-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-4.0.0-2.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64"
},
"product_reference": "claws-mail-lang-4.0.0-2.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-4.0.0-2.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le"
},
"product_reference": "claws-mail-lang-4.0.0-2.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-4.0.0-2.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x"
},
"product_reference": "claws-mail-lang-4.0.0-2.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "claws-mail-lang-4.0.0-2.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64"
},
"product_reference": "claws-mail-lang-4.0.0-2.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-1558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-1558"
}
],
"notes": [
{
"category": "general",
"text": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-1558",
"url": "https://www.suse.com/security/cve/CVE-2007-1558"
},
{
"category": "external",
"summary": "SUSE Bug 262450 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/262450"
},
{
"category": "external",
"summary": "SUSE Bug 271197 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/271197"
},
{
"category": "external",
"summary": "SUSE Bug 279843 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/279843"
},
{
"category": "external",
"summary": "SUSE Bug 281321 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/281321"
},
{
"category": "external",
"summary": "SUSE Bug 281323 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/281323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2007-1558"
},
{
"cve": "CVE-2020-15917",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15917"
}
],
"notes": [
{
"category": "general",
"text": "common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15917",
"url": "https://www.suse.com/security/cve/CVE-2020-15917"
},
{
"category": "external",
"summary": "SUSE Bug 1174457 for CVE-2020-15917",
"url": "https://bugzilla.suse.com/1174457"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-4.0.0-2.5.x86_64",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-devel-4.0.0-2.5.x86_64",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.aarch64",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.ppc64le",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.s390x",
"openSUSE Tumbleweed:claws-mail-lang-4.0.0-2.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-15917"
}
]
}
OPENSUSE-SU-2024:10753-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
fetchmail-6.4.21-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: fetchmail-6.4.21-2.1 on GA media
Description of the patch: These are all security issues fixed in the fetchmail-6.4.21-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10753
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
26 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2006-0321/ | self |
| https://www.suse.com/security/cve/CVE-2006-5867/ | self |
| https://www.suse.com/security/cve/CVE-2006-5974/ | self |
| https://www.suse.com/security/cve/CVE-2007-1558/ | self |
| https://www.suse.com/security/cve/CVE-2007-4565/ | self |
| https://www.suse.com/security/cve/CVE-2021-36386/ | self |
| https://www.suse.com/security/cve/CVE-2006-0321 | external |
| https://bugzilla.suse.com/140475 | external |
| https://www.suse.com/security/cve/CVE-2006-5867 | external |
| https://bugzilla.suse.com/223507 | external |
| https://www.suse.com/security/cve/CVE-2006-5974 | external |
| https://bugzilla.suse.com/223507 | external |
| https://bugzilla.suse.com/239002 | external |
| https://www.suse.com/security/cve/CVE-2007-1558 | external |
| https://bugzilla.suse.com/262450 | external |
| https://bugzilla.suse.com/271197 | external |
| https://bugzilla.suse.com/279843 | external |
| https://bugzilla.suse.com/281321 | external |
| https://bugzilla.suse.com/281323 | external |
| https://www.suse.com/security/cve/CVE-2007-4565 | external |
| https://bugzilla.suse.com/308271 | external |
| https://www.suse.com/security/cve/CVE-2021-36386 | external |
| https://bugzilla.suse.com/1188875 | external |
| https://bugzilla.suse.com/1224188 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "fetchmail-6.4.21-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the fetchmail-6.4.21-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10753",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10753-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-0321 page",
"url": "https://www.suse.com/security/cve/CVE-2006-0321/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-5867 page",
"url": "https://www.suse.com/security/cve/CVE-2006-5867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-5974 page",
"url": "https://www.suse.com/security/cve/CVE-2006-5974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-1558 page",
"url": "https://www.suse.com/security/cve/CVE-2007-1558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-4565 page",
"url": "https://www.suse.com/security/cve/CVE-2007-4565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-36386 page",
"url": "https://www.suse.com/security/cve/CVE-2021-36386/"
}
],
"title": "fetchmail-6.4.21-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10753-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "fetchmail-6.4.21-2.1.aarch64",
"product": {
"name": "fetchmail-6.4.21-2.1.aarch64",
"product_id": "fetchmail-6.4.21-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "fetchmailconf-6.4.21-2.1.aarch64",
"product": {
"name": "fetchmailconf-6.4.21-2.1.aarch64",
"product_id": "fetchmailconf-6.4.21-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "fetchmail-6.4.21-2.1.ppc64le",
"product": {
"name": "fetchmail-6.4.21-2.1.ppc64le",
"product_id": "fetchmail-6.4.21-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "fetchmailconf-6.4.21-2.1.ppc64le",
"product": {
"name": "fetchmailconf-6.4.21-2.1.ppc64le",
"product_id": "fetchmailconf-6.4.21-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "fetchmail-6.4.21-2.1.s390x",
"product": {
"name": "fetchmail-6.4.21-2.1.s390x",
"product_id": "fetchmail-6.4.21-2.1.s390x"
}
},
{
"category": "product_version",
"name": "fetchmailconf-6.4.21-2.1.s390x",
"product": {
"name": "fetchmailconf-6.4.21-2.1.s390x",
"product_id": "fetchmailconf-6.4.21-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "fetchmail-6.4.21-2.1.x86_64",
"product": {
"name": "fetchmail-6.4.21-2.1.x86_64",
"product_id": "fetchmail-6.4.21-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "fetchmailconf-6.4.21-2.1.x86_64",
"product": {
"name": "fetchmailconf-6.4.21-2.1.x86_64",
"product_id": "fetchmailconf-6.4.21-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmail-6.4.21-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64"
},
"product_reference": "fetchmail-6.4.21-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmail-6.4.21-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le"
},
"product_reference": "fetchmail-6.4.21-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmail-6.4.21-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x"
},
"product_reference": "fetchmail-6.4.21-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmail-6.4.21-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64"
},
"product_reference": "fetchmail-6.4.21-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmailconf-6.4.21-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64"
},
"product_reference": "fetchmailconf-6.4.21-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmailconf-6.4.21-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le"
},
"product_reference": "fetchmailconf-6.4.21-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmailconf-6.4.21-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x"
},
"product_reference": "fetchmailconf-6.4.21-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "fetchmailconf-6.4.21-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
},
"product_reference": "fetchmailconf-6.4.21-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-0321",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-0321"
}
],
"notes": [
{
"category": "general",
"text": "fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-0321",
"url": "https://www.suse.com/security/cve/CVE-2006-0321"
},
{
"category": "external",
"summary": "SUSE Bug 140475 for CVE-2006-0321",
"url": "https://bugzilla.suse.com/140475"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2006-0321"
},
{
"cve": "CVE-2006-5867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-5867"
}
],
"notes": [
{
"category": "general",
"text": "fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-5867",
"url": "https://www.suse.com/security/cve/CVE-2006-5867"
},
{
"category": "external",
"summary": "SUSE Bug 223507 for CVE-2006-5867",
"url": "https://bugzilla.suse.com/223507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-5867"
},
{
"cve": "CVE-2006-5974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-5974"
}
],
"notes": [
{
"category": "general",
"text": "fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-5974",
"url": "https://www.suse.com/security/cve/CVE-2006-5974"
},
{
"category": "external",
"summary": "SUSE Bug 223507 for CVE-2006-5974",
"url": "https://bugzilla.suse.com/223507"
},
{
"category": "external",
"summary": "SUSE Bug 239002 for CVE-2006-5974",
"url": "https://bugzilla.suse.com/239002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-5974"
},
{
"cve": "CVE-2007-1558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-1558"
}
],
"notes": [
{
"category": "general",
"text": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-1558",
"url": "https://www.suse.com/security/cve/CVE-2007-1558"
},
{
"category": "external",
"summary": "SUSE Bug 262450 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/262450"
},
{
"category": "external",
"summary": "SUSE Bug 271197 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/271197"
},
{
"category": "external",
"summary": "SUSE Bug 279843 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/279843"
},
{
"category": "external",
"summary": "SUSE Bug 281321 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/281321"
},
{
"category": "external",
"summary": "SUSE Bug 281323 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/281323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2007-1558"
},
{
"cve": "CVE-2007-4565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-4565"
}
],
"notes": [
{
"category": "general",
"text": "sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-4565",
"url": "https://www.suse.com/security/cve/CVE-2007-4565"
},
{
"category": "external",
"summary": "SUSE Bug 308271 for CVE-2007-4565",
"url": "https://bugzilla.suse.com/308271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-4565"
},
{
"cve": "CVE-2021-36386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-36386"
}
],
"notes": [
{
"category": "general",
"text": "report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-36386",
"url": "https://www.suse.com/security/cve/CVE-2021-36386"
},
{
"category": "external",
"summary": "SUSE Bug 1188875 for CVE-2021-36386",
"url": "https://bugzilla.suse.com/1188875"
},
{
"category": "external",
"summary": "SUSE Bug 1224188 for CVE-2021-36386",
"url": "https://bugzilla.suse.com/1224188"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmail-6.4.21-2.1.x86_64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.aarch64",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.ppc64le",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.s390x",
"openSUSE Tumbleweed:fetchmailconf-6.4.21-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-36386"
}
]
}
OPENSUSE-SU-2024:11069-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
mutt-2.0.7-2.2 on GA media
Severity
Moderate
Notes
Title of the patch: mutt-2.0.7-2.2 on GA media
Description of the patch: These are all security issues fixed in the mutt-2.0.7-2.2 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11069
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.3 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.6 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.8 (Critical)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
108 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2007-1558/ | self |
| https://www.suse.com/security/cve/CVE-2018-14349/ | self |
| https://www.suse.com/security/cve/CVE-2018-14350/ | self |
| https://www.suse.com/security/cve/CVE-2018-14351/ | self |
| https://www.suse.com/security/cve/CVE-2018-14352/ | self |
| https://www.suse.com/security/cve/CVE-2018-14353/ | self |
| https://www.suse.com/security/cve/CVE-2018-14354/ | self |
| https://www.suse.com/security/cve/CVE-2018-14355/ | self |
| https://www.suse.com/security/cve/CVE-2018-14356/ | self |
| https://www.suse.com/security/cve/CVE-2018-14357/ | self |
| https://www.suse.com/security/cve/CVE-2018-14358/ | self |
| https://www.suse.com/security/cve/CVE-2018-14359/ | self |
| https://www.suse.com/security/cve/CVE-2018-14360/ | self |
| https://www.suse.com/security/cve/CVE-2018-14361/ | self |
| https://www.suse.com/security/cve/CVE-2018-14362/ | self |
| https://www.suse.com/security/cve/CVE-2018-14363/ | self |
| https://www.suse.com/security/cve/CVE-2020-14093/ | self |
| https://www.suse.com/security/cve/CVE-2020-14954/ | self |
| https://www.suse.com/security/cve/CVE-2020-28896/ | self |
| https://www.suse.com/security/cve/CVE-2021-3181/ | self |
| https://www.suse.com/security/cve/CVE-2021-32055/ | self |
| https://www.suse.com/security/cve/CVE-2007-1558 | external |
| https://bugzilla.suse.com/262450 | external |
| https://bugzilla.suse.com/271197 | external |
| https://bugzilla.suse.com/279843 | external |
| https://bugzilla.suse.com/281321 | external |
| https://bugzilla.suse.com/281323 | external |
| https://www.suse.com/security/cve/CVE-2018-14349 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101589 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14350 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101588 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14351 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101583 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14352 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101582 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14353 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101581 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14354 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101578 | external |
| https://bugzilla.suse.com/1101581 | external |
| https://bugzilla.suse.com/1101589 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14355 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101577 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14356 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101576 | external |
| https://bugzilla.suse.com/1101589 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14357 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101573 | external |
| https://bugzilla.suse.com/1101581 | external |
| https://bugzilla.suse.com/1101589 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14358 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101571 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14359 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101570 | external |
| https://bugzilla.suse.com/1101589 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14360 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101569 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14361 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101568 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14362 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101567 | external |
| https://bugzilla.suse.com/1101589 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2018-14363 | external |
| https://bugzilla.suse.com/1101428 | external |
| https://bugzilla.suse.com/1101566 | external |
| https://bugzilla.suse.com/1101593 | external |
| https://www.suse.com/security/cve/CVE-2020-14093 | external |
| https://bugzilla.suse.com/1172906 | external |
| https://bugzilla.suse.com/1172935 | external |
| https://www.suse.com/security/cve/CVE-2020-14954 | external |
| https://bugzilla.suse.com/1173197 | external |
| https://www.suse.com/security/cve/CVE-2020-28896 | external |
| https://bugzilla.suse.com/1179035 | external |
| https://www.suse.com/security/cve/CVE-2021-3181 | external |
| https://bugzilla.suse.com/1181221 | external |
| https://bugzilla.suse.com/1181505 | external |
| https://www.suse.com/security/cve/CVE-2021-32055 | external |
| https://bugzilla.suse.com/1185705 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "mutt-2.0.7-2.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the mutt-2.0.7-2.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11069",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11069-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-1558 page",
"url": "https://www.suse.com/security/cve/CVE-2007-1558/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14349 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14350 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14351 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14352 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14353 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14354 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14355 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14356 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14357 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14358 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14359 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14360 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14361 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14362 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14363 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14093 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14954 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14954/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28896 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3181 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32055 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32055/"
}
],
"title": "mutt-2.0.7-2.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11069-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mutt-2.0.7-2.2.aarch64",
"product": {
"name": "mutt-2.0.7-2.2.aarch64",
"product_id": "mutt-2.0.7-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "mutt-doc-2.0.7-2.2.aarch64",
"product": {
"name": "mutt-doc-2.0.7-2.2.aarch64",
"product_id": "mutt-doc-2.0.7-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "mutt-lang-2.0.7-2.2.aarch64",
"product": {
"name": "mutt-lang-2.0.7-2.2.aarch64",
"product_id": "mutt-lang-2.0.7-2.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-2.0.7-2.2.ppc64le",
"product": {
"name": "mutt-2.0.7-2.2.ppc64le",
"product_id": "mutt-2.0.7-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "mutt-doc-2.0.7-2.2.ppc64le",
"product": {
"name": "mutt-doc-2.0.7-2.2.ppc64le",
"product_id": "mutt-doc-2.0.7-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "mutt-lang-2.0.7-2.2.ppc64le",
"product": {
"name": "mutt-lang-2.0.7-2.2.ppc64le",
"product_id": "mutt-lang-2.0.7-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-2.0.7-2.2.s390x",
"product": {
"name": "mutt-2.0.7-2.2.s390x",
"product_id": "mutt-2.0.7-2.2.s390x"
}
},
{
"category": "product_version",
"name": "mutt-doc-2.0.7-2.2.s390x",
"product": {
"name": "mutt-doc-2.0.7-2.2.s390x",
"product_id": "mutt-doc-2.0.7-2.2.s390x"
}
},
{
"category": "product_version",
"name": "mutt-lang-2.0.7-2.2.s390x",
"product": {
"name": "mutt-lang-2.0.7-2.2.s390x",
"product_id": "mutt-lang-2.0.7-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mutt-2.0.7-2.2.x86_64",
"product": {
"name": "mutt-2.0.7-2.2.x86_64",
"product_id": "mutt-2.0.7-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "mutt-doc-2.0.7-2.2.x86_64",
"product": {
"name": "mutt-doc-2.0.7-2.2.x86_64",
"product_id": "mutt-doc-2.0.7-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "mutt-lang-2.0.7-2.2.x86_64",
"product": {
"name": "mutt-lang-2.0.7-2.2.x86_64",
"product_id": "mutt-lang-2.0.7-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-2.0.7-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64"
},
"product_reference": "mutt-2.0.7-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-2.0.7-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le"
},
"product_reference": "mutt-2.0.7-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-2.0.7-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x"
},
"product_reference": "mutt-2.0.7-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-2.0.7-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64"
},
"product_reference": "mutt-2.0.7-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-2.0.7-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64"
},
"product_reference": "mutt-doc-2.0.7-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-2.0.7-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le"
},
"product_reference": "mutt-doc-2.0.7-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-2.0.7-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x"
},
"product_reference": "mutt-doc-2.0.7-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-doc-2.0.7-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64"
},
"product_reference": "mutt-doc-2.0.7-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-2.0.7-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64"
},
"product_reference": "mutt-lang-2.0.7-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-2.0.7-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le"
},
"product_reference": "mutt-lang-2.0.7-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-2.0.7-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x"
},
"product_reference": "mutt-lang-2.0.7-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mutt-lang-2.0.7-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
},
"product_reference": "mutt-lang-2.0.7-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-1558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-1558"
}
],
"notes": [
{
"category": "general",
"text": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-1558",
"url": "https://www.suse.com/security/cve/CVE-2007-1558"
},
{
"category": "external",
"summary": "SUSE Bug 262450 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/262450"
},
{
"category": "external",
"summary": "SUSE Bug 271197 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/271197"
},
{
"category": "external",
"summary": "SUSE Bug 279843 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/279843"
},
{
"category": "external",
"summary": "SUSE Bug 281321 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/281321"
},
{
"category": "external",
"summary": "SUSE Bug 281323 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/281323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2007-1558"
},
{
"cve": "CVE-2018-14349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14349"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14349",
"url": "https://www.suse.com/security/cve/CVE-2018-14349"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14349",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14349",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14349",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14349"
},
{
"cve": "CVE-2018-14350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14350"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14350",
"url": "https://www.suse.com/security/cve/CVE-2018-14350"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14350",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101588 for CVE-2018-14350",
"url": "https://bugzilla.suse.com/1101588"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14350",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14350"
},
{
"cve": "CVE-2018-14351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14351"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14351",
"url": "https://www.suse.com/security/cve/CVE-2018-14351"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14351",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101583 for CVE-2018-14351",
"url": "https://bugzilla.suse.com/1101583"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14351",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-14351"
},
{
"cve": "CVE-2018-14352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14352"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14352",
"url": "https://www.suse.com/security/cve/CVE-2018-14352"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14352",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101582 for CVE-2018-14352",
"url": "https://bugzilla.suse.com/1101582"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14352",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14352"
},
{
"cve": "CVE-2018-14353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14353"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14353",
"url": "https://www.suse.com/security/cve/CVE-2018-14353"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14353",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101581 for CVE-2018-14353",
"url": "https://bugzilla.suse.com/1101581"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14353",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14353"
},
{
"cve": "CVE-2018-14354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14354"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14354",
"url": "https://www.suse.com/security/cve/CVE-2018-14354"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101578 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101578"
},
{
"category": "external",
"summary": "SUSE Bug 1101581 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101581"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14354",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14354"
},
{
"cve": "CVE-2018-14355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14355"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14355",
"url": "https://www.suse.com/security/cve/CVE-2018-14355"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14355",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101577 for CVE-2018-14355",
"url": "https://bugzilla.suse.com/1101577"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14355",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14355"
},
{
"cve": "CVE-2018-14356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14356"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14356",
"url": "https://www.suse.com/security/cve/CVE-2018-14356"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101576 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101576"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14356",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14356"
},
{
"cve": "CVE-2018-14357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14357"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14357",
"url": "https://www.suse.com/security/cve/CVE-2018-14357"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101573 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101573"
},
{
"category": "external",
"summary": "SUSE Bug 1101581 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101581"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14357",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-14357"
},
{
"cve": "CVE-2018-14358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14358"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14358",
"url": "https://www.suse.com/security/cve/CVE-2018-14358"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14358",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101571 for CVE-2018-14358",
"url": "https://bugzilla.suse.com/1101571"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14358",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14358"
},
{
"cve": "CVE-2018-14359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14359"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14359",
"url": "https://www.suse.com/security/cve/CVE-2018-14359"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101570 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101570"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14359",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14359"
},
{
"cve": "CVE-2018-14360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14360"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14360",
"url": "https://www.suse.com/security/cve/CVE-2018-14360"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14360",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101569 for CVE-2018-14360",
"url": "https://bugzilla.suse.com/1101569"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14360",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14360"
},
{
"cve": "CVE-2018-14361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14361"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14361",
"url": "https://www.suse.com/security/cve/CVE-2018-14361"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14361",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101568 for CVE-2018-14361",
"url": "https://bugzilla.suse.com/1101568"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14361",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-14361"
},
{
"cve": "CVE-2018-14362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14362"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a \u0027/\u0027 character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14362",
"url": "https://www.suse.com/security/cve/CVE-2018-14362"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101567 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101567"
},
{
"category": "external",
"summary": "SUSE Bug 1101589 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101589"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14362",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14362"
},
{
"cve": "CVE-2018-14363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14363"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict \u0027/\u0027 characters that may have unsafe interaction with cache pathnames.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14363",
"url": "https://www.suse.com/security/cve/CVE-2018-14363"
},
{
"category": "external",
"summary": "SUSE Bug 1101428 for CVE-2018-14363",
"url": "https://bugzilla.suse.com/1101428"
},
{
"category": "external",
"summary": "SUSE Bug 1101566 for CVE-2018-14363",
"url": "https://bugzilla.suse.com/1101566"
},
{
"category": "external",
"summary": "SUSE Bug 1101593 for CVE-2018-14363",
"url": "https://bugzilla.suse.com/1101593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-14363"
},
{
"cve": "CVE-2020-14093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14093"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14093",
"url": "https://www.suse.com/security/cve/CVE-2020-14093"
},
{
"category": "external",
"summary": "SUSE Bug 1172906 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172906"
},
{
"category": "external",
"summary": "SUSE Bug 1172935 for CVE-2020-14093",
"url": "https://bugzilla.suse.com/1172935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14093"
},
{
"cve": "CVE-2020-14954",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14954"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a \"begin TLS\" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka \"response injection.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14954",
"url": "https://www.suse.com/security/cve/CVE-2020-14954"
},
{
"category": "external",
"summary": "SUSE Bug 1173197 for CVE-2020-14954",
"url": "https://bugzilla.suse.com/1173197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14954"
},
{
"cve": "CVE-2020-28896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28896"
}
],
"notes": [
{
"category": "general",
"text": "Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server\u0027s initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials being exposed on an unencrypted connection, or to a machine-in-the-middle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28896",
"url": "https://www.suse.com/security/cve/CVE-2020-28896"
},
{
"category": "external",
"summary": "SUSE Bug 1179035 for CVE-2020-28896",
"url": "https://bugzilla.suse.com/1179035"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-28896"
},
{
"cve": "CVE-2021-3181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3181"
}
],
"notes": [
{
"category": "general",
"text": "rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3181",
"url": "https://www.suse.com/security/cve/CVE-2021-3181"
},
{
"category": "external",
"summary": "SUSE Bug 1181221 for CVE-2021-3181",
"url": "https://bugzilla.suse.com/1181221"
},
{
"category": "external",
"summary": "SUSE Bug 1181505 for CVE-2021-3181",
"url": "https://bugzilla.suse.com/1181505"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3181"
},
{
"cve": "CVE-2021-32055",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32055"
}
],
"notes": [
{
"category": "general",
"text": "Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imap_qresync setting for QRESYNC is not enabled by default.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32055",
"url": "https://www.suse.com/security/cve/CVE-2021-32055"
},
{
"category": "external",
"summary": "SUSE Bug 1185705 for CVE-2021-32055",
"url": "https://bugzilla.suse.com/1185705"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:mutt-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-doc-2.0.7-2.2.x86_64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.aarch64",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.ppc64le",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.s390x",
"openSUSE Tumbleweed:mutt-lang-2.0.7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-32055"
}
]
}
OPENSUSE-SU-2024:11615-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
mpop-1.4.14-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: mpop-1.4.14-1.1 on GA media
Description of the patch: These are all security issues fixed in the mpop-1.4.14-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11615
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:mpop-1.4.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mpop-1.4.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mpop-1.4.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mpop-1.4.14-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
9 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2007-1558/ | self |
| https://www.suse.com/security/cve/CVE-2007-1558 | external |
| https://bugzilla.suse.com/262450 | external |
| https://bugzilla.suse.com/271197 | external |
| https://bugzilla.suse.com/279843 | external |
| https://bugzilla.suse.com/281321 | external |
| https://bugzilla.suse.com/281323 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "mpop-1.4.14-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the mpop-1.4.14-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11615",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11615-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-1558 page",
"url": "https://www.suse.com/security/cve/CVE-2007-1558/"
}
],
"title": "mpop-1.4.14-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11615-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mpop-1.4.14-1.1.aarch64",
"product": {
"name": "mpop-1.4.14-1.1.aarch64",
"product_id": "mpop-1.4.14-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mpop-doc-1.4.14-1.1.aarch64",
"product": {
"name": "mpop-doc-1.4.14-1.1.aarch64",
"product_id": "mpop-doc-1.4.14-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mpop-1.4.14-1.1.ppc64le",
"product": {
"name": "mpop-1.4.14-1.1.ppc64le",
"product_id": "mpop-1.4.14-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mpop-doc-1.4.14-1.1.ppc64le",
"product": {
"name": "mpop-doc-1.4.14-1.1.ppc64le",
"product_id": "mpop-doc-1.4.14-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "mpop-1.4.14-1.1.s390x",
"product": {
"name": "mpop-1.4.14-1.1.s390x",
"product_id": "mpop-1.4.14-1.1.s390x"
}
},
{
"category": "product_version",
"name": "mpop-doc-1.4.14-1.1.s390x",
"product": {
"name": "mpop-doc-1.4.14-1.1.s390x",
"product_id": "mpop-doc-1.4.14-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "mpop-1.4.14-1.1.x86_64",
"product": {
"name": "mpop-1.4.14-1.1.x86_64",
"product_id": "mpop-1.4.14-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mpop-doc-1.4.14-1.1.x86_64",
"product": {
"name": "mpop-doc-1.4.14-1.1.x86_64",
"product_id": "mpop-doc-1.4.14-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mpop-1.4.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mpop-1.4.14-1.1.aarch64"
},
"product_reference": "mpop-1.4.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mpop-1.4.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mpop-1.4.14-1.1.ppc64le"
},
"product_reference": "mpop-1.4.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mpop-1.4.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mpop-1.4.14-1.1.s390x"
},
"product_reference": "mpop-1.4.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mpop-1.4.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mpop-1.4.14-1.1.x86_64"
},
"product_reference": "mpop-1.4.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mpop-doc-1.4.14-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.aarch64"
},
"product_reference": "mpop-doc-1.4.14-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mpop-doc-1.4.14-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.ppc64le"
},
"product_reference": "mpop-doc-1.4.14-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mpop-doc-1.4.14-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.s390x"
},
"product_reference": "mpop-doc-1.4.14-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mpop-doc-1.4.14-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.x86_64"
},
"product_reference": "mpop-doc-1.4.14-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-1558",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-1558"
}
],
"notes": [
{
"category": "general",
"text": "The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and 2.x before 2.0.0.4, (2) Evolution, (3) mutt, (4) fetchmail before 6.3.8, (5) SeaMonkey 1.0.x before 1.0.9 and 1.1.x before 1.1.2, (6) Balsa 2.3.16 and earlier, (7) Mailfilter before 0.8.2, and possibly other products.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:mpop-1.4.14-1.1.aarch64",
"openSUSE Tumbleweed:mpop-1.4.14-1.1.ppc64le",
"openSUSE Tumbleweed:mpop-1.4.14-1.1.s390x",
"openSUSE Tumbleweed:mpop-1.4.14-1.1.x86_64",
"openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.aarch64",
"openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.ppc64le",
"openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.s390x",
"openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-1558",
"url": "https://www.suse.com/security/cve/CVE-2007-1558"
},
{
"category": "external",
"summary": "SUSE Bug 262450 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/262450"
},
{
"category": "external",
"summary": "SUSE Bug 271197 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/271197"
},
{
"category": "external",
"summary": "SUSE Bug 279843 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/279843"
},
{
"category": "external",
"summary": "SUSE Bug 281321 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/281321"
},
{
"category": "external",
"summary": "SUSE Bug 281323 for CVE-2007-1558",
"url": "https://bugzilla.suse.com/281323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:mpop-1.4.14-1.1.aarch64",
"openSUSE Tumbleweed:mpop-1.4.14-1.1.ppc64le",
"openSUSE Tumbleweed:mpop-1.4.14-1.1.s390x",
"openSUSE Tumbleweed:mpop-1.4.14-1.1.x86_64",
"openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.aarch64",
"openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.ppc64le",
"openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.s390x",
"openSUSE Tumbleweed:mpop-doc-1.4.14-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2007-1558"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…