Huawei EulerOS: Security Advisory for evolution-data-server (EulerOS-SA-2020-2544)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL CORE 5.05 / MAIN 5.05 : evolution-data-server Vulnerability (NS-SA-2020-0114)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has evolution-data-server packages installed that are affected by a vulnerability: - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get...

NewStart CGSL CORE 5.04 / MAIN 5.04 : evolution-data-server Vulnerability (NS-SA-2020-0075)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has evolution-data-server packages installed that are affected by a vulnerability: - It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get...

Oracle Linux 8 : evolution (ELSA-2020-4649)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4649 advisory. - Resolves: 1859141 CVE-2020-14928: Response Injection via STARTTLS in SMTP and POP3 evolution-mapi Tenable has extracted the preceding description block direct...

TLS Response Injection

evolution-data-server is vulnerable to TLS response injection. When a server sends a 'begin TLS' response, eds reads additional data and evaluates it in a TLS context, aka "response injection" causing a STARTTLS buffering issue that affects SMTP and POP3...

evolution-data-server: Response injection via STARTTLS in SMTP and POP3

evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."...

evolution security and bug fix update

An update is available for bogofilter, evolution-mapi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Evolution is a GNOME application that provides integrated...

EulerOS 2.0 SP5 : evolution-data-server (EulerOS-SA-2020-2243)

According to the versions of the evolution-data-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a 'begin...

Huawei EulerOS: Security Advisory for evolution-data-server (EulerOS-SA-2020-2243)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for evolution-data-server (EulerOS-SA-2020-1890)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated evolution-data-server packages fix security vulnerabilities

evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection". CVE-2020-14928 In GNOME evolution-data-server before 3.35.91, a...

MGASA-2020-0351 Updated evolution-data-server packages fix security vulnerabilities

evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection". CVE-2020-14928 In GNOME evolution-data-server before 3.35.91, a...

EulerOS 2.0 SP8 : evolution-data-server (EulerOS-SA-2020-1890)

According to the version of the evolution-data-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sendi...

Amazon Linux 2 : evolution-data-server, evolution-ews (ALAS-2020-1475)

The version of evolution-data-server installed on the remote host is prior to 3.28.5-4. The version of evolution-ews installed on the remote host is prior to 3.28.5-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1475 advisory. It was discovered evolution-ews befo...

Medium: evolution-data-server, evolution-ews

Issue Overview: It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. CVE-2019-3890 Affected...

Debian DLA-2309-1 : evolution-data-server security update

In Evolution Data Server a vulnerability was discovered that allowed a malicious server to crash the mail client. For Debian 9 stretch, this problem has been fixed in version 3.22.7-1+deb9u2. We recommend that you upgrade your evolution-data-server packages. For the detailed security status of...

Fedora 31 : evolution-data-server (2020-45041afb19)

Security fix for CVE-2020-14928 Response Injection via STARTTLS in SMTP and POP3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

Debian: Security Advisory (DLA-2309-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2309-1] evolution-data-server security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2309-1 [email protected] https://www.debian.org/lts/security/ August 02, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...

Fedora: Security Advisory for evolution-data-server (FEDORA-2020-45041afb19)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...