cpe:/a:mutt:mutt:1.5 cpe:/a:mutt:mutt:1.5.1 cpe:/a:mutt:mutt:1.5.2 cpe:/a:mutt:mutt:1.5.3 cpe:/a:mutt:mutt:1.5.4 cpe:/a:mutt:mutt:1.5.5 cpe:/a:mutt:mutt:1.5.6 cpe:/a:mutt:mutt:1.5.7 cpe:/a:mutt:mutt:1.5.8 cpe:/a:mutt:mutt:1.5.9 cpe:/a:mutt:mutt:1.5.10 cpe:/a:mutt:mutt:1.5.11 cpe:/a:mutt:mutt:1.5.12 cpe:/a:mutt:mutt:1.5.13 cpe:/a:mutt:mutt:1.5.14 cpe:/a:mutt:mutt:1.5.15 cpe:/a:mutt:mutt:1.5.16 cpe:/a:mutt:mutt:1.5.17 cpe:/a:mutt:mutt:1.5.18 cpe:/a:mutt:mutt:1.5.19 cpe:/a:mutt:mutt:1.5.20 cpe:/a:mutt:mutt:1.5.21 cpe:/a:mutt:mutt:1.5.22 cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~ cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~ cpe:/o:debian:debian_linux:8.0 cpe:/o:debian:debian_linux:9.0 cpe:/o:redhat:enterprise_linux_desktop:6.0 cpe:/o:redhat:enterprise_linux_desktop:7.0 cpe:/o:redhat:enterprise_linux_server:6.0 cpe:/o:redhat:enterprise_linux_server:7.0 cpe:/o:redhat:enterprise_linux_server_aus:7.6 cpe:/o:redhat:enterprise_linux_server_eus:7.5 cpe:/o:redhat:enterprise_linux_server_eus:7.6 cpe:/o:redhat:enterprise_linux_server_tus:7.6 cpe:/o:redhat:enterprise_linux_workstation:6.0 cpe:/o:redhat:enterprise_linux_workstation:7.0 CVE-2018-14354 2018-07-17T13:29:00.527-04:00 2019-10-02T20:03:26.223-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2019-03-07T11:35:44.437-05:00 BID 104925 DEBIAN DSA-4277 GENTOO GLSA-201810-07 REDHAT RHSA-2018:2526 UBUNTU USN-3719-1 UBUNTU USN-3719-2 UBUNTU USN-3719-3 MLIST [debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update MISC http://www.mutt.org/news.html MISC https://github.com/neomutt/neomutt/commit/95e80bf9ff10f68cb6443f760b85df4117cb15eb MISC https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d MISC https://neomutt.org/2018/07/16/release An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.