GNOME Evolution through 3.28.2 allows OpenPGP signatures to be spoofed for arbitrary messages: a specially crafted email that includes, as an attachment, a valid signature from the entity to be impersonated is displayed as if the whole message were validly signed by that entity.

Published: February 11, 2019; 12:29:00 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

Published: July 20, 2018; 12:29:00 AM -04:00
V2: 5.0 MEDIUM

** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap."

Published: June 15, 2018; 12:29:00 PM -04:00
V2: 7.5 HIGH

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.

Published: March 08, 2013; 04:55:01 PM -05:00
V2: 4.3 MEDIUM

The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.

Published: May 14, 2009; 01:30:00 PM -04:00
V2: 2.1 LOW

Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

Published: March 05, 2008; 07:44:00 PM -05:00
V2: 6.8 MEDIUM

Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG. As a result, Evolution cannot visually distinguish between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

Published: March 06, 2007; 03:19:00 PM -05:00
V2: 5.0 MEDIUM

Multiple format string vulnerabilities in Evolution 1.5 through allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.

Published: August 12, 2005; 12:00:00 AM -04:00
V2: 7.5 HIGH

Format string vulnerability in Evolution 1.4 through allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

Published: August 12, 2005; 12:00:00 AM -04:00
V2: 7.5 HIGH