Lucene search
K
GnomeEvolution

21 matches found

CVE
CVE
added 2019/02/11 5:0 p.m.419 views

CVE-2018-15587

CVE-2018-15587 affects GNOME Evolution and its Evolution Data Server components. The issue allows OpenPGP signatures to be spoofed for arbitrary messages when a specially crafted email contains a valid signature from the impersonated entity. Publicly available references indicate the vulnerabilit...

6.5CVSS6.5AI score0.02443EPSS
CVE
CVE
added 2020/04/17 5:7 p.m.168 views

CVE-2020-11879

CVE-2020-11879 affects GNOME Evolution prior to 3.35.91. A malicious or misleading website can abuse the non‑RFC6068 mailto?attach=… parameter to attach local files or directories to a composed email without warning, enabling potential information disclosure. The issue is triggered by using a pro...

6.5CVSS6.2AI score0.02682EPSS
CVE
CVE
added 2021/02/01 4:4 a.m.164 views

CVE-2021-3349

CVE-2021-3349 concerns GNOME Evolution up to version 3.38.3, where the client can display a "+Valid signature+" for a key/identity that is unknown, because Evolution does not retrieve sufficient information from the GnuPG API. The issue is a verification/identity-trust UI quirk rather than a clas...

3.3CVSS3.7AI score0.00346EPSS
CVE
CVE
added 2018/05/16 7:0 p.m.126 views

CVE-2017-17689

CVE-2017-17689 arises from S/MIME CBC gadget attacks (EFAIL) that can lead to plaintext exfiltration. Connected sources show this affecting KDE PIM/KMail components and related mail tooling across Linux/macOS ecosystems, with public advisories describing how S/MIME/CBC malleability could leak pla...

5.9CVSS5.6AI score0.04219EPSS
CVE
CVE
added 2020/02/06 2:29 p.m.110 views

CVE-2013-4166

The CVE-2013-4166 issue affects GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier, where the function gpg_ctx_add_recipient in camel/camel-gpg-context.c does not correctly select the GPG key for email encryption. This could cause emails to be encrypted with the wrong k...

7.5CVSS7.2AI score0.0189EPSS
CVE
CVE
added 2005/01/29 5:0 a.m.103 views

CVE-2005-0102

Evolution 2.0.2 and earlier is affected by CVE-2005-0102 due to an integer overflow in camel-lock-helper. A length value of -1 can cause a zero-byte allocation and a buffer overflow, enabling arbitrary code execution by local users or remote malicious POP3 servers. The issue is cited across multi...

9.8CVSS9.4AI score0.03179EPSS
CVE
CVE
added 2013/03/08 9:0 p.m.94 views

CVE-2011-3201

CVE-2011-3201 affects GNOME Evolution prior to 3.2.3. The vulnerability allows a user-assisted remote attacker to read arbitrary files by injecting a crafted attachment parameter into a mailto: URL, causing the file to be attached to a new message. Exploitation details are described in Red Hat/Ce...

4.3CVSS6.5AI score0.02673EPSS
CVE
CVE
added 2018/07/20 4:0 a.m.91 views

CVE-2016-10727

Evolution Data Server’s IMAPx component (camel-imapx-server.c) before version 3.21.2 allows plaintext transmission when a client requests STARTTLS but the server does not use STARTTLS, enabling password sniffing over the network. Root cause: incorrect handling that should have error-terminated th...

9.8CVSS9.1AI score0.02889EPSS
CVE
CVE
added 2008/03/06 12:0 a.m.82 views

CVE-2008-0072

CVE-2008-0072 is a format string vulnerability in Evolution (emf_multipart_encrypted/display path) that could allow arbitrary code execution when a crafted encrypted message is opened. Affected: Evolution 2.12.3 and earlier; root cause: improper handling of format strings in encrypted mail conten...

6.8CVSS7.1AI score0.06018EPSS
CVE
CVE
added 2018/06/15 4:0 p.m.81 views

CVE-2018-12422

CVE-2018-12422 – Evolution-Data-Server (GNOME Evolution) Affected: addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server, GNOME Evolution up to version 3.29.2. Root cause: Unsafe use of strcat on a constructed string, leading to a potential buffer overflow. Impact (per sources)...

9.8CVSS7.4AI score0.01844EPSS
CVE
CVE
added 2005/08/12 4:0 a.m.80 views

CVE-2005-2549

Evolution contains multiple format string vulnerabilities that can crash the application or allow arbitrary code execution via remote data sources. The CVE-2005-2549 entry covers vulnerabilities triggered by: (1) full vCard data, (2) contact data from remote LDAP servers, and (3) task list data f...

7.5CVSS7.6AI score0.04426EPSS
CVE
CVE
added 2007/06/19 4:0 p.m.79 views

CVE-2007-3257

Concretely affected: Evolution Data Server (imap-folder.c in the mailer component). The flaw arises from handling a negative SEQUENCE value used as an array index in GData, enabling remote IMAP servers to potentially execute arbitrary code. This is evidenced in CVE-2007-3257 with public advisorie...

6.8CVSS7.1AI score0.03122EPSS
CVE
CVE
added 2007/03/06 8:0 p.m.74 views

CVE-2007-1266

CVE-2007-1266 affects Evolution 2.8.1 and earlier. The issue is that Evolution does not properly use the --status-fd argument when invoking GnuPG, preventing it from visually distinguishing between signed and unsigned portions of OpenPGP messages that have multiple components. As a result, a remo...

5CVSS6.4AI score0.05049EPSS
CVE
CVE
added 2021/05/26 9:6 p.m.70 views

CVE-2009-3721

CVE-2009-3721 affects yTNEF and Evolution’s TNEF parser derived from yTNEF. The vulnerabilities are described as directory traversal and buffer overflow flaws that could allow a crafted email to cause writes to arbitrary filesystem locations, application crashes, or potentially arbitrary code exe...

7.8CVSS8.2AI score0.01612EPSS
CVE
CVE
added 2008/06/04 8:0 p.m.69 views

CVE-2008-1108

CVE-2008-1108 affects Evolution (GNOME) and concerns a buffer overflow in iCalendar handling. Public description notes two related flaws: (1) parsing iCalendar timezone data when the Itip Formatter plugin is disabled can allow remote code execution as the user; (2) an additional heap-based overfl...

7.6CVSS7.4AI score0.05694EPSS
CVE
CVE
added 2006/03/10 1:0 a.m.68 views

CVE-2006-0040

CVE-2006-0040 affects GNOME Evolution 2.4.2.1 and earlier. A remote attacker can trigger a denial of service by sending a text email containing a very large number of URLs, leading to increased CPU and memory usage. The root cause is noted as potentially related to gtkhtml, but the exact flaw is ...

5CVSS6.7AI score0.01946EPSS
CVE
CVE
added 2009/05/14 5:0 p.m.61 views

CVE-2009-1631

Evolution 2.26.1 and earlier contains a local information‑disclosure issue in the Mailer component: .evolution directory (and related subpaths) has world‑readable permissions, enabling local users to read sensitive mail-related files. Root cause is file/directory permissions, not a remote/vector-...

2.1CVSS5.9AI score0.0044EPSS
CVE
CVE
added 2005/08/12 4:0 a.m.58 views

CVE-2005-2550

CVE-2005-2550 corresponds to a format-string vulnerability in Evolution, affecting versions 1.4 through 2.3.6.1. The issue can be triggered via calendar entries (such as task lists) when the user selects the Calendars tab, leading to a crash and potentially arbitrary code execution. Public disclo...

7.5CVSS7.4AI score0.04426EPSS
CVE
CVE
added 2008/06/04 8:0 p.m.57 views

CVE-2008-1109

CVE-2008-1109 affects Evolution (GNOME mail/calendar client), with a heap-based buffer overflow in parsing iCalendar attachments. If a user opens a crafted meeting reply containing an overly long "+DESCRIPTION" property, arbitrary code could be executed under the user’s privileges. The issue is t...

9.3CVSS7.5AI score0.05748EPSS
CVE
CVE
added 2006/02/02 11:0 a.m.55 views

CVE-2006-0528

The CVE-2006-0528 entry concerns the cairo library (libcairo) used by GNOME Evolution. Affected component: cairo rendering of email attachments. Root cause: parsing an attachment with a header containing "Content-Disposition: inline" and a very long body line can trigger repeated client crashes, ...

5CVSS6.7AI score0.10765EPSS
CVE
CVE
added 2006/06/02 10:0 p.m.52 views

CVE-2006-2789

Evolution 2.2.x/2.3.x on GNOME 2.7/2.8 is affected. When the option “load images if sender in addressbook” is enabled, a crafted From header can trigger an assert in camel-internet-address.c using a null pointer, causing a persistent crash (denial of service). This vulnerability is evidenced acro...

2.6CVSS6.4AI score0.02077EPSS