21 matches found
CVE-2018-15587
CVE-2018-15587 affects GNOME Evolution and its Evolution Data Server components. The issue allows OpenPGP signatures to be spoofed for arbitrary messages when a specially crafted email contains a valid signature from the impersonated entity. Publicly available references indicate the vulnerabilit...
CVE-2020-11879
CVE-2020-11879 affects GNOME Evolution prior to 3.35.91. A malicious or misleading website can abuse the non‑RFC6068 mailto?attach=… parameter to attach local files or directories to a composed email without warning, enabling potential information disclosure. The issue is triggered by using a pro...
CVE-2021-3349
CVE-2021-3349 concerns GNOME Evolution up to version 3.38.3, where the client can display a "+Valid signature+" for a key/identity that is unknown, because Evolution does not retrieve sufficient information from the GnuPG API. The issue is a verification/identity-trust UI quirk rather than a clas...
CVE-2017-17689
CVE-2017-17689 arises from S/MIME CBC gadget attacks (EFAIL) that can lead to plaintext exfiltration. Connected sources show this affecting KDE PIM/KMail components and related mail tooling across Linux/macOS ecosystems, with public advisories describing how S/MIME/CBC malleability could leak pla...
CVE-2013-4166
The CVE-2013-4166 issue affects GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier, where the function gpg_ctx_add_recipient in camel/camel-gpg-context.c does not correctly select the GPG key for email encryption. This could cause emails to be encrypted with the wrong k...
CVE-2005-0102
Evolution 2.0.2 and earlier is affected by CVE-2005-0102 due to an integer overflow in camel-lock-helper. A length value of -1 can cause a zero-byte allocation and a buffer overflow, enabling arbitrary code execution by local users or remote malicious POP3 servers. The issue is cited across multi...
CVE-2011-3201
CVE-2011-3201 affects GNOME Evolution prior to 3.2.3. The vulnerability allows a user-assisted remote attacker to read arbitrary files by injecting a crafted attachment parameter into a mailto: URL, causing the file to be attached to a new message. Exploitation details are described in Red Hat/Ce...
CVE-2016-10727
Evolution Data Server’s IMAPx component (camel-imapx-server.c) before version 3.21.2 allows plaintext transmission when a client requests STARTTLS but the server does not use STARTTLS, enabling password sniffing over the network. Root cause: incorrect handling that should have error-terminated th...
CVE-2008-0072
CVE-2008-0072 is a format string vulnerability in Evolution (emf_multipart_encrypted/display path) that could allow arbitrary code execution when a crafted encrypted message is opened. Affected: Evolution 2.12.3 and earlier; root cause: improper handling of format strings in encrypted mail conten...
CVE-2018-12422
CVE-2018-12422 – Evolution-Data-Server (GNOME Evolution) Affected: addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server, GNOME Evolution up to version 3.29.2. Root cause: Unsafe use of strcat on a constructed string, leading to a potential buffer overflow. Impact (per sources)...
CVE-2005-2549
Evolution contains multiple format string vulnerabilities that can crash the application or allow arbitrary code execution via remote data sources. The CVE-2005-2549 entry covers vulnerabilities triggered by: (1) full vCard data, (2) contact data from remote LDAP servers, and (3) task list data f...
CVE-2007-3257
Concretely affected: Evolution Data Server (imap-folder.c in the mailer component). The flaw arises from handling a negative SEQUENCE value used as an array index in GData, enabling remote IMAP servers to potentially execute arbitrary code. This is evidenced in CVE-2007-3257 with public advisorie...
CVE-2007-1266
CVE-2007-1266 affects Evolution 2.8.1 and earlier. The issue is that Evolution does not properly use the --status-fd argument when invoking GnuPG, preventing it from visually distinguishing between signed and unsigned portions of OpenPGP messages that have multiple components. As a result, a remo...
CVE-2009-3721
CVE-2009-3721 affects yTNEF and Evolution’s TNEF parser derived from yTNEF. The vulnerabilities are described as directory traversal and buffer overflow flaws that could allow a crafted email to cause writes to arbitrary filesystem locations, application crashes, or potentially arbitrary code exe...
CVE-2008-1108
CVE-2008-1108 affects Evolution (GNOME) and concerns a buffer overflow in iCalendar handling. Public description notes two related flaws: (1) parsing iCalendar timezone data when the Itip Formatter plugin is disabled can allow remote code execution as the user; (2) an additional heap-based overfl...
CVE-2006-0040
CVE-2006-0040 affects GNOME Evolution 2.4.2.1 and earlier. A remote attacker can trigger a denial of service by sending a text email containing a very large number of URLs, leading to increased CPU and memory usage. The root cause is noted as potentially related to gtkhtml, but the exact flaw is ...
CVE-2009-1631
Evolution 2.26.1 and earlier contains a local information‑disclosure issue in the Mailer component: .evolution directory (and related subpaths) has world‑readable permissions, enabling local users to read sensitive mail-related files. Root cause is file/directory permissions, not a remote/vector-...
CVE-2005-2550
CVE-2005-2550 corresponds to a format-string vulnerability in Evolution, affecting versions 1.4 through 2.3.6.1. The issue can be triggered via calendar entries (such as task lists) when the user selects the Calendars tab, leading to a crash and potentially arbitrary code execution. Public disclo...
CVE-2008-1109
CVE-2008-1109 affects Evolution (GNOME mail/calendar client), with a heap-based buffer overflow in parsing iCalendar attachments. If a user opens a crafted meeting reply containing an overly long "+DESCRIPTION" property, arbitrary code could be executed under the user’s privileges. The issue is t...
CVE-2006-0528
The CVE-2006-0528 entry concerns the cairo library (libcairo) used by GNOME Evolution. Affected component: cairo rendering of email attachments. Root cause: parsing an attachment with a header containing "Content-Disposition: inline" and a very long body line can trigger repeated client crashes, ...
CVE-2006-2789
Evolution 2.2.x/2.3.x on GNOME 2.7/2.8 is affected. When the option “load images if sender in addressbook” is enabled, a crafted From header can trigger an assert in camel-internet-address.c using a null pointer, causing a persistent crash (denial of service). This vulnerability is evidenced acro...