7 matches found
DEBIAN-CVE-2026-2604
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...
Medium: evolution-data-server
Issue Overview: The Evolution backend server exposes the D-Bus service org.gnome.evolution.dataserver.AddressBook, that can be used in order to manage contacts. A Flatpak application with access to this D-Bus service can exploit this issue in order to gain arbitrary file deletion on the host...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : evolution-data-server (SUSE-SU-2026:0775-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0775-1 advisory. This update for evolution-data-server fixes the following issue: - CVE-2026-2604: arbitrary file deletion...
SUSE-SU-2026:0776-1 Security update for evolution-data-server
This update for evolution-data-server fixes the following issue: - CVE-2026-2604: arbitrary file deletion via inconsistent URI handling bsc1258307...
evolution-data-server-3.58.3-2.1 on GA media (moderate)
evolution-data-server-3.58.3-2.1 on GA media Announcement ID: openSUSE-SU-2026:10262-1 Rating: moderate Cross-References: CVE-2026-2604 CVSS scores: CVE-2026-2604 SUSE : 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L CVE-2026-2604 SUSE : 6.8...
CVE-2026-2604
creationtimestamp| type| source ---|---|--- 2026-02-23 16:40:13+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3mfk3qbdke22b 2026-06-17 00:31:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moh2quqanb2t...
SUSE CVE-2026-2604
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...