evolution vulnerabilities and exploits

4.3
MEDIUM
CVE-2018-15587

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment....

NA
CVE-2018-12404

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From SUSE_CVE-2018-12404: This CVE is addressed in the SUSE advisories openSUSE-SU-2018:4117-1....

NA
CVE-2018-12384

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From ELSA-2018-2898: [3.36.0-9.0.1] - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expir...

3.5
LOW
CVE-2018-16638

Evolution CMS 1.4.x allows XSS via the manager/ search parameter....

3.5
LOW
CVE-2018-16637

Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI....

6.8
MEDIUM
CVE-2018-1000889

Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. ...

4.3
MEDIUM
CVE-2016-8635

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group....

5
MEDIUM
CVE-2016-10727

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers ...

7.5
HIGH
CVE-2018-12422

** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this beca...

1.9
LOW
CVE-2018-0495

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Numbe...

4.3
MEDIUM
CVE-2016-9074

An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50....