evolution data server vulnerabilities and exploits

(subscribe to this query)

5.8

CVSSv2

The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and previous versions, and 2.25.92 and previous versions 2.25.x versions, does not validate whether a certain leng...

Gnome Evolution-data-server Gnome Evolution-data-server 2.25.92

7.5

CVSSv2

Multiple integer overflows in Evolution Data Server (aka evolution-data-server) prior to 2.24.5 allow context-dependent malicious users to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) cam...

Go-evolution Evolution-data-server

4.3

CVSSv2

In GNOME evolution-data-server prior to 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

Gnome Evolution-data-server Debian Debian Linux 9.0

5

CVSSv2

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and previous versions and Evolution Data Server 3.9.5 and previous versions does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with ...

Gnome Evolution Gnome Evolution Data Server Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Workstation 6.0

4.3

CVSSv2

evolution-data-server3 3.0.3 up to and including 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the v...

Gnome Evolution-data-server3

5

CVSSv2

Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote malicious users to spoof a signature by modifying the latter copy, a different vulnerability than CV...

Evolution Evolution 2.22.3.1

6.8

CVSSv2

Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.

Gnome Evolution 1.11

7.5

CVSSv2

addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution up to and including 3.29.2 might allow malicious users to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this b...

Gnome Evolution

5

CVSSv2

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server prior to 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote maliciou...

Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 14.04 Gnome Evolution

4.3

CVSSv2

evolution-data-server (eds) up to and including 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

Gnome Evolution-data-server Debian Debian Linux 9.0 Debian Debian Linux 10.0 Fedoraproject Fedora 31 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 20.04

Get Started

1 2 3 4 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook