Gnome Evolution
22 CVEs affecting Gnome Evolution. Latest disclosed: 2021-05-26. Critical: 3, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-10727 | Critical | 9.8 | 2018-07-20 | camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a passwo… |
| CVE-2018-12422 | Critical | 9.8 | 2018-06-15 | addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow v… |
| CVE-2005-0102 | Critical | 9.8 | 2005-01-24 | Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length… |
| CVE-2009-3721 | High | 7.8 | 2021-05-26 | Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted… |
| CVE-2013-4166 | High | 7.5 | 2020-02-06 | The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not prope… |
| CVE-2020-11879 | Medium | 6.5 | 2020-04-17 | An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of… |
| CVE-2018-15587 | Medium | 6.5 | 2019-02-11 | GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signat… |
| CVE-2017-17689 | Medium | 5.9 | 2018-05-16 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. |
| CVE-2021-3349 | Low | 3.3 | 2021-02-01 | GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve e… |
| CVE-2011-3201 | | | 2013-03-08 | GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the fi… |
| CVE-2009-2404 | | | 2009-08-03 | Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey… |
| CVE-2009-1631 | | | 2009-05-14 | The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evo… |
| CVE-2008-1109 | | | 2008-06-04 | Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar… |
| CVE-2008-1108 | | | 2008-06-04 | Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string i… |
| CVE-2008-0072 | | | 2008-03-06 | Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbi… |
| CVE-2007-3257 | | | 2007-06-19 | Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE… |
| CVE-2007-1266 | | | 2007-03-06 | Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between s… |
| CVE-2006-2789 | | | 2006-06-02 | Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (p… |
| CVE-2006-0040 | | | 2006-03-10 | GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of… |
| CVE-2006-0528 | | | 2006-02-02 | The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client c… |