CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2020/08/26 12:0 a.m.•21 views

Amazon Linux 2 : evolution-data-server, evolution-ews (ALAS-2020-1475)

The version of evolution-data-server installed on the remote host is prior to 3.28.5-4. The version of evolution-ews installed on the remote host is prior to 3.28.5-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1475 advisory. It was discovered evolution-ews befo...

8.1CVSS7.1AI score0.00103EPSS

Exploits0References3

Amazon•added 2020/08/24 12:0 a.m.•23 views

Medium: evolution-data-server, evolution-ews

Issue Overview: It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. CVE-2019-3890 Affected...

8.1CVSS8.2AI score0.00103EPSS

Exploits0

Tenable Nessus•added 2020/08/03 12:0 a.m.•25 views

Debian DLA-2309-1 : evolution-data-server security update

In Evolution Data Server a vulnerability was discovered that allowed a malicious server to crash the mail client. For Debian 9 stretch, this problem has been fixed in version 3.22.7-1+deb9u2. We recommend that you upgrade your evolution-data-server packages. For the detailed security status of...

5.9CVSS6.7AI score0.01593EPSS

OpenVAS•added 2020/08/03 12:0 a.m.•20 views

Debian: Security Advisory (DLA-2309-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.01593EPSS

Tenable Nessus•added 2020/08/03 12:0 a.m.•25 views

Fedora 31 : evolution-data-server (2020-45041afb19)

Security fix for CVE-2020-14928 Response Injection via STARTTLS in SMTP and POP3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

5.9CVSS6.9AI score0.06354EPSS

Debian•added 2020/08/02 9:17 p.m.•55 views

[SECURITY] [DLA 2309-1] evolution-data-server security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2309-1 [email protected] https://www.debian.org/lts/security/ August 02, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package...

5.9CVSS5.5AI score0.01593EPSS

OSV•added 2020/08/02 12:0 a.m.•18 views

DLA-2309-1 evolution-data-server - security update

Bulletin has no description...

5.9CVSS5.8AI score0.01593EPSS

OpenVAS•added 2020/08/02 12:0 a.m.•16 views

Fedora: Security Advisory for evolution-data-server (FEDORA-2020-45041afb19)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9CVSS6.2AI score0.06354EPSS

Fedora•added 2020/08/01 1:18 a.m.•23 views

[SECURITY] Fedora 31 Update: evolution-data-server-3.34.4-2.fc31

The evolution-data-server package provides a unified backend for programs t hat work with contacts, tasks, and calendar information. It was originally developed for Evolution hence the name, but is now used by other packages...

5.9CVSS1.9AI score0.06354EPSS

RedhatCVE•added 2020/07/30 2:13 p.m.•30 views

CVE-2020-16117

A NULL pointer dereference flaw was found in the GNOME evolution-data-server when a mail client parses invalid messages from a malicious server. This flaw allows an attacker who controls a mail server the ability to crash the mail clients. The highest threat from this vulnerability is to system...

4.3CVSS3.5AI score0.01593EPSS

Exploits1References3

NVD•added 2020/07/29 6:15 p.m.•20 views

CVE-2020-16117

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid e.g., minimal CAPABILITY line on a connection attempt. This is related to imapxfreecapability and imapxconnecttoserver...

5.9CVSS5.5AI score0.01593EPSS

OSV•added 2020/07/29 6:15 p.m.•19 views

CVE-2020-16117

5.9CVSS6.6AI score

Exploits0References4

UbuntuCve•added 2020/07/29 6:15 p.m.•21 views

CVE-2020-16117

5.9CVSS6.8AI score0.01593EPSS

Debian CVE•added 2020/07/29 5:59 p.m.•30 views

CVE-2020-16117

5.9CVSS6AI score0.01593EPSS

Cvelist•added 2020/07/29 5:59 p.m.•18 views

CVE-2020-16117

5.5AI score0.01593EPSS

CVE•added 2020/07/29 5:59 p.m.•201 views

CVE-2020-16117

CVE-2020-16117 affects GNOME evolution-data-server, prior to 3.35.91. A malicious server can crash the mail client by sending an invalid CAPABILITY line during a connection, causing a NULL pointer dereference in the imapx_free_capability/imapx_connect_to_server path. The issue is a client-side cr...

5.9CVSS5.4AI score0.01593EPSS

Exploits1References4Affected Software1

Tenable Nessus•added 2020/07/23 12:0 a.m.•28 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Evolution Data Server vulnerability (USN-4429-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4429-1 advisory. It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use...

5.9CVSS7AI score0.06354EPSS

OpenVAS•added 2020/07/23 12:0 a.m.•20 views

Ubuntu: Security Advisory (USN-4429-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.06354EPSS