Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnome evolution vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2021-39361
In GNOME evolution-rss up to and including 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Gnome Evolution-rss
7.8
CVSSv3
CVE-2009-3721
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially ...
Gnome Evolution
Ytnef Project Ytnef
7.5
CVSSv3
CVE-2016-20011
libgrss up to and including 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote malicious users to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.
Gnome Libgrss
3.3
CVSSv3
CVE-2021-3349
GNOME Evolution up to and including 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, a...
Gnome Evolution
5.9
CVSSv3
CVE-2020-16117
In GNOME evolution-data-server prior to 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.
Gnome Evolution-data-server
Debian Debian Linux 9.0
5.9
CVSSv3
CVE-2020-14928
evolution-data-server (eds) up to and including 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
Gnome Evolution-data-server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
6.5
CVSSv3
CVE-2020-11879
An issue exists in GNOME Evolution prior to 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warn...
Gnome Evolution
2 Articles
7.5
CVSSv3
CVE-2013-4166
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and previous versions and Evolution Data Server 3.9.5 and previous versions does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with ...
Gnome Evolution
Gnome Evolution Data Server
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
7.3
CVSSv3
CVE-2011-3355
evolution-data-server3 3.0.3 up to and including 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the v...
Gnome Evolution-data-server3
8.1
CVSSv3
CVE-2019-3890
It exists evolution-ews prior to 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
Gnome Evolution-ews
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »