8 matches found
CVE-2005-0806
CVE-2005-0806 affects Evolution (notably 2.0.3) and enables a remote attacker to cause a denial of service (application crash or hang) by sending crafted messages, with possible involvement of charset handling in attachment filenames. The issue is corroborated by multiple advisories: RHSA-2005:39...
CVE-2003-0128
The CVE-2003-0128 family affects Ximian Evolution Mail User Agent (MUA) prior to version 1.2.3, via the try_uudecoding function in mail-format.c that decodes UUEncoded headers. The vulnerability can cause a denial of service (crash) and may allow arbitrary code execution through crafted UUE heade...
CVE-2003-0300
CVE-2003-0300 concerns the IMAP Client for Sylpheed 0.8.11. A remote IMAP server can trigger a denial-of-service (crash) by sending certain large literal size values that lead to signedness errors or integer overflow in the client. The available sources describe the vulnerability as a DoS conditi...
CVE-2003-0130
The CVE-2003-0130 issue affects Ximian Evolution Mail User Agent (Evolution 1.2.2 and earlier). The vulnerability lies in the handle_image() function in mail-format.c, which does not escape HTML characters in the Content-ID-derived string, enabling remote attackers to inject arbitrary data and HT...
CVE-2003-0129
CVE-2003-0129 affects Ximian Evolution Mail User Agent up to version 1.2.2, allowing remote attackers to cause memory exhaustion/DoS by uuencoding a mail message multiple times. Related issues CAN-2003-0128 and CAN-2003-0130 are addressed in the same advisory. Vendor patch: Evolution 1.2.3 releas...
CVE-2002-1471
The CVE-2002-1471 issue concerns the camel component used by Ximian Evolution 1.0.x and earlier. It does not verify TLS/SSL certificates when establishing a new SSL connection after an initial verification, which could allow remote attackers to perform a man-in-the-middle attack to monitor or mod...
CVE-2003-0296
The CVE-2003-0296 entry concerns the IMAP Client for Evolution 1.2.4. The issue arises from handling of certain large literal size values, triggering integer signedness errors or integer overflow in parsing, which can lead to denial of service and potentially arbitrary code execution. Affected co...
CVE-2002-1765
This CVE concerns Evolution 1.0.3 and 1.0.4. A remote attacker can trigger a denial of service by sending an email with a malformed MIME header, causing memory consumption and a crash. The documents do not specify additional affected components beyond the Evolution versions cited, nor provide exp...