Known Vulnerabilities for products from Neomutt

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Neomutt".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-32055 json Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/ut... 9.1 - CRITICAL 2021-05-05 2021-06-01
CVE-2020-28896 json Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial ... 5.3 - MEDIUM 2020-11-23 2021-07-21
CVE-2020-14954 json Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a se... 5.9 - MEDIUM 2020-06-21 2023-11-07
CVE-2018-14363 json An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe... 7.5 - HIGH 2018-07-17 2020-05-21
CVE-2018-14362 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have u... 9.8 - CRITICAL 2018-07-17 2020-05-19
CVE-2018-14361 json An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data. 9.8 - CRITICAL 2018-07-17 2020-05-19
CVE-2018-14360 json An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of... 9.8 - CRITICAL 2018-07-17 2020-05-19
CVE-2018-14359 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data. 9.8 - CRITICAL 2018-07-17 2020-05-19
CVE-2018-14358 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow... 9.8 - CRITICAL 2018-07-17 2020-05-20
CVE-2018-14357 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitr... 9.8 - CRITICAL 2018-07-17 2020-08-24
CVE-2018-14356 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID. 9.8 - CRITICAL 2018-07-17 2020-05-20
CVE-2018-14355 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal ... 5.3 - MEDIUM 2018-07-17 2020-05-20
CVE-2018-14354 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitr... 9.8 - CRITICAL 2018-07-17 2020-08-24
CVE-2018-14353 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer ... 9.8 - CRITICAL 2018-07-17 2020-05-20
CVE-2018-14352 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave ... 9.8 - CRITICAL 2018-07-17 2020-05-20
CVE-2018-14351 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mai... 9.8 - CRITICAL 2018-07-17 2020-05-20
CVE-2018-14350 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow... 9.8 - CRITICAL 2018-07-17 2020-05-20
CVE-2018-14349 json An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without ... 9.8 - CRITICAL 2018-07-17 2020-05-20

Known software with vulnerabilities from Neomutt

Type Vendor Product Version
ApplicationNeomuttNeomutt20160307
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report