2068 matches found
CVE-2020-11879
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...
DEBIAN-CVE-2020-11879
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...
Code injection
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...
CVE-2020-11879
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...
UBUNTU-CVE-2020-11879
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...
CVE-2020-11879
CVE-2020-11879 affects GNOME Evolution prior to 3.35.91. A malicious or misleading website can abuse the non‑RFC6068 mailto?attach=… parameter to attach local files or directories to a composed email without warning, enabling potential information disclosure. The issue is triggered by using a pro...
CVE-2020-11879
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...
CVE-2020-11879
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...
Arbitrary Code Execution
evolution is vulnerablet o arbitrary code execution. Multiple integer overflow flaws which could cause heap-based buffer overflows were found in the Base64 encoding routines used by Evolution Data Server. This could cause an application using Evolution Data Server to crash, or, possibly, execute ...
Signature Spoofing
evolution is vulnerable to signature spoofing. The vulnerability exists as evolution did not properly check the Secure/Multipurpose Internet Mail Extensions S/MIME signatures used for public key encryption and signing of e-mail messages. An attacker could use this flaw to spoof a signature by...
Denial Of Service (DoS)
evolution is vulnerable to denial of service. It was discovered that Evolution Data Server did not properly validate NTLM NT LAN Manager authentication challenge packets. A malicious server using NTLM authentication could cause an application using Evolution Data Server to disclose portions of it...
Arbitrary Code Execution
evolution is vulnerable to arbitrary code execution. A heap-based buffer overflow flaw was found in the way Evolution parsed iCalendar attachments with an overly long "DESCRIPTION" property string. If a user responded to a carefully crafted iCalendar attachment in a particular way, arbitrary code...
Arbitrary Code Execution
evolution is vulnerable to arbitrary code execution. A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If mail which included a carefully crafted iCalendar attachment was opened, arbitrary code could be executed as the user running Evolution...
Arbitrary Code Execution
evolution is vulnerable to arbitrary code execution. A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution...
Arbitrary Code Execution
evolution is vulnerable to arbitrary code execution. A flaw was found in the way Evolution processes certain IMAP server messages. If a user can be tricked into connecting to a malicious IMAP server it may be possible to execute arbitrary code as the user running evolution...
CentOS 7 : evolution (RHSA-2020:1080)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1080 advisory. - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a...
CVE-2020-1620
A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log. This issue affects all versions of Junos OS Evolved prior to 19.3R1...
evolution security and bug fix update
atk 2.28.1-2 - Remove patch to fix invalid unref at atkgobjectaccessibleobjectgonecb - Resolves: 1753123 evolution 3.28.5-8 - Update patch for RH bug 1686408 CVE-2018-15587: Reposition signature bar 3.28.5-7 - Add patch for RH bug 1686408 CVE-2018-15587: Reposition signature bar 3.28.5-6 - Add...
CVE-2019-3890
It was discovered evolution-ews does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference...
RHEL 7 : evolution (RHSA-2020:1080)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1080 advisory. Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The...