ALBA-2021:4180 evolution, evolution-data-server, evolution-ews bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

evolution, evolution-data-server, evolution-ews bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

evolution, evolution-data-server, evolution-ews bug fix and enhancement update

An update is available for evolution, evolution-ews, evolution-mapi, evolution-data-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed...

NewStart CGSL MAIN 6.02 : evolution-data-server Vulnerability (NS-SA-2021-0128)

The remote NewStart CGSL host, running version MAIN 6.02, has evolution-data-server packages installed that are affected by a vulnerability: - evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a begin TLS response, eds reads...

VulnCheck KEV: CVE-2021-26084

Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language OGNL injection vulnerability that may allow an unauthenticated attacker to execute code...

Johnsoncontrols Metasys Improper Restriction of XML External Entity Reference

XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server ADS, ADS-Lite versions 10.1 and prior; Metasys Extended Application and...

Advisory ROSA-SA-2021-1831

Software: evolution-data-server 3.28.5 OS: Cobalt 7.9 CVE-ID: CVE-2020-14928 CVE-Crit: MEDIUM CVE-DESC: From evolution-data-server eds to 3.36.3 there is an issue with STARTTLS buffering that affects SMTP and POP3. When the server sends a "start TLS" response, eds reads additional data and...

SUSE: Security Advisory (SUSE-SU-2014:1519-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-4723

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129...

CVE-2019-4723

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129...

Design/Logic Flaw

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129...

CVE-2019-4723

CVE-2019-4723 affects IBM Cognos Analytics 11.0 and 11.1, where a remote attacker could obtain credentials from a user's browser due to incorrect autocomplete settings in the New Data Server Connection page. Root cause/impact are described in IBM/IBM X-Force references; cloud versions are address...

CVE-2019-4723

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129...

IBM Cognos Analytics 授权问题漏洞

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. An information disclosure...

Oracle Linux 8 : evolution (ELSA-2021-1752)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1752 advisory. - Resolves: 1862403 CVE-2020-16117: Crash on malformed server response with minimal capabilities evolution-ews Tenable has extracted the preceding description...

Denial Of Service (DoS)

evolution-data-server is vulnerable to denial of service DoS. The vulnerability exists through a NULL pointer dereference by sending an invalid e.g., minimal CAPABILITY line on a connection attempt...

CentOS 8 : evolution (CESA-2021:1752)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:1752 advisory. - evolution-data-server: NULL pointer dereference related to imapxfreecapability and imapxconnecttoserver CVE-2020-16117 Note that Nessus has not tested for thi...

evolution-data-server: NULL pointer dereference related to imapx_free_capability and imapx_connect_to_server

A NULL pointer dereference flaw was found in the GNOME evolution-data-server when a mail client parses invalid messages from a malicious server. This flaw allows an attacker who controls a mail server the ability to crash the mail clients. The highest threat from this vulnerability is to system...

evolution security, bug fix, and enhancement update

An update is available for evolution, evolution-ews, evolution-data-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Evolution is a GNOME application that...

ALSA-2021:1752 Low: evolution security, bug fix, and enhancement update

Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was...