374 matches found
CVE-2026-2604
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...
CVE-2026-2604
Summary: CVE-2026-2604 affects evolution-data-server. An inconsistent comparison logic in the addressbook backend lets a Flatpak/D-Bus user craft a malicious URI with directory traversal sequences. This URI is stored during contact creation/modification and later rechecked with lower strictness d...
CVE-2026-2604 Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...
OESA-2026-2633 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
OESA-2026-2632 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
Security update for evolution-data-server (moderate)
openSUSE security update: security update for evolution-data-server ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20864-1 Rating: moderate References: bsc1258307 Cross-References: CVE-2026-2604 CVSS scores: CVE-2026-2604 SUSE : 5.6...
USN-8055-2: Evolution Data Server vulnerability
USN-8055-1 fixed a vulnerability in Evolution Data Server. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly us...
USN-8055-2 evolution-data-server vulnerability
USN-8055-1 fixed a vulnerability in Evolution Data Server. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Evolution Data Server incorrectly handled removing local cache files. An attacker could possibly us...
OPENSUSE-SU-2026:20864-1 Security update for evolution-data-server
This update for evolution-data-server fixes the following issues: - CVE-2026-2604: Canonicalize path before local cache file removal. bsc1258307...
OESA-2026-2356 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
OESA-2026-2355 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
OESA-2026-2354 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
Astra Linux – Vulnerability in evolution-data-server
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client by dereferencing a NULL pointer, by sending an invalid e.g., minimal CAPABILITY line during a connection attempt. This issue is related to the imapxfreecapability and imapxconnecttoserver functions...
Debian: Security Advisory (DLA-4503-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4503-1] evolution-data-server security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4503-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz March 19, 2026 https://wiki.debian.org/LTS -...
CVE-2023-43010
A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server,...
Debian dla-4503 : evolution-data-server - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4503 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4503-1 [email protected] https://www.debian.org/lts/security/...
DLA-4503-1 evolution-data-server - security update
Bulletin has no description...
Medium: evolution-data-server
Issue Overview: The Evolution backend server exposes the D-Bus service org.gnome.evolution.dataserver.AddressBook, that can be used in order to manage contacts. A Flatpak application with access to this D-Bus service can exploit this issue in order to gain arbitrary file deletion on the host...
Amazon Linux 2 : evolution-data-server, --advisory ALAS2-2026-3179 (ALAS-2026-3179)
The version of evolution-data-server installed on the remote host is prior to 3.28.5-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3179 advisory. The Evolution backend server exposes the D-Bus service org.gnome.evolution.dataserver.AddressBook, that can be used ...