Read Time:4 Second
CISA launched the JCDC AI Cybersecurity Playbook to enhance collaboration on AI cybersecurity risks
Yearly Archives: 2025
USN-7204-1: NeoMutt vulnerabilities
Read Time:1 Minute, 36 Second
Jeriko One discovered that NeoMutt incorrectly handled certain IMAP
and POP3 responses. An attacker could possibly use this issue to
cause NeoMutt to crash, resulting in a denial of service, or
the execution of arbitrary code. This issue only affected
Ubuntu 18.04 LTS. (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351,
CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355,
CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359,
CVE-2018-14362)
Jeriko One discovered that NeoMutt incorrectly handled certain
NNTP-related operations. An attacker could possibly use this issue
to cause NeoMutt to crash, resulting in denial of service, or
the execution of arbitrary code. This issue only affected
Ubuntu 18.04 LTS. (CVE-2018-14360, CVE-2018-14361, CVE-2018-14363)
It was discovered that NeoMutt incorrectly processed additional data
when communicating with mail servers. An attacker could possibly use
this issue to access senstive information. This issue only affected
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14954, CVE-2020-28896)
It was discovered that Neomutt incorrectly handled the IMAP QRSync
setting. An attacker could possibly use this issue to cause NeoMutt
to crash, resulting in denial of service. This issue only affected
Ubuntu 20.04 LTS. (CVE-2021-32055)
Tavis Ormandy discovered that NeoMutt incorrectly parsed uuencoded
text past the length of the string. An attacker could possibly use
this issue to enable the execution of arbitrary code. This issue
only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS. (CVE-2022-1328)
It was discovered that NeoMutt did not properly encrypt email headers.
An attacker could possibly use this issue to receive emails that were
not intended for them and access sensitive information. This
vulnerability was only fixed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
and Ubuntu 24.04 LTS. (CVE-2024-49393, CVE-2024-49394)
pam-u2f-1.3.1-1.el9
Read Time:10 Second
FEDORA-EPEL-2025-b1223174a4
Packages in this update:
pam-u2f-1.3.1-1.el9
Update description:
pam-u2f fix to resolve CVE-2025-23013 (Partial Authentication Bypass). CVSS score 7.3
pam-u2f-1.3.1-1.fc40
Read Time:9 Second
FEDORA-2025-1bb4d2682b
Packages in this update:
pam-u2f-1.3.1-1.fc40
Update description:
pam-u2f fix to resolve CVE-2025-23013 (Partial Authentication Bypass). CVSS score 7.3
pam-u2f-1.3.1-1.fc41
Read Time:9 Second
FEDORA-2025-e136b45e2a
Packages in this update:
pam-u2f-1.3.1-1.fc41
Update description:
pam-u2f fix to resolve CVE-2025-23013 (Partial Authentication Bypass). CVSS score 7.3
vaultwarden-1.32.7-1.fc41
Read Time:6 Second
FEDORA-2025-0abee701c3
Packages in this update:
vaultwarden-1.32.7-1.fc41
Update description:
update to 1.32.7
Chinese PlugX Malware Deleted in Global Law Enforcement Operation
Read Time:7 Second
The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity firm Sekoia.io
Multi-Cloud Adoption Surges Amid Rising Security Concerns
Read Time:7 Second
A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure
Illicit Crypto-Inflows Set to Top $51bn in a Year
Read Time:4 Second
Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024
freeipa-4.12.2-3.fc40
Read Time:9 Second
FEDORA-2025-6baf694c75
Packages in this update:
freeipa-4.12.2-3.fc40
Update description:
CVE-2024-11029
Release note: https://www.freeipa.org/release-notes/4-12-3.html