Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnome evolution-data-server vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server prior to 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote maliciou...
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Gnome Evolution
9.8
CVSSv3
CVE-2018-12422
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution up to and including 3.29.2 might allow malicious users to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this b...
Gnome Evolution
7.5
CVSSv3
CVE-2013-4166
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and previous versions and Evolution Data Server 3.9.5 and previous versions does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with ...
Gnome Evolution
Gnome Evolution Data Server
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
6.5
CVSSv3
CVE-2018-15587
GNOME Evolution up to and including 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
Gnome Evolution
Debian Debian Linux 8.0
5.9
CVSSv3
CVE-2020-16117
In GNOME evolution-data-server prior to 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.
Gnome Evolution-data-server
Debian Debian Linux 9.0
5.9
CVSSv3
CVE-2020-14928
evolution-data-server (eds) up to and including 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
Gnome Evolution-data-server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
NA
CVE-2012-1177
libgdata prior to 0.10.2 and 0.11.x prior to 0.11.1 does not validate SSL certificates, which allows remote malicious users to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
Gnome Libgdata
NA
CVE-2009-0582
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and previous versions, and 2.25.92 and previous versions 2.25.x versions, does not validate whether a certain leng...
Gnome Evolution-data-server
Gnome Evolution-data-server 2.25.92
NA
CVE-2007-3257
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
Gnome Evolution 1.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started