Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnome evolution vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2021-39361
In GNOME evolution-rss up to and including 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
Gnome Evolution-rss
5.9
CVSSv3
CVE-2020-16117
In GNOME evolution-data-server prior to 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.
Gnome Evolution-data-server
Debian Debian Linux 9.0
5.9
CVSSv3
CVE-2020-14928
evolution-data-server (eds) up to and including 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
Gnome Evolution-data-server
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
5.9
CVSSv3
CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Gnome Evolution -
Mozilla Thunderbird -
Ibm Notes -
Emclient Emclient -
Horde Horde Imp -
9folders Nine -
Freron Mailmate -
Kde Kmail -
Ritlabs The Bat -
Microsoft Outlook 2013
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Microsoft Outlook 2010
Microsoft Outlook 2007
Google Gmail -
Kde Trojita -
Postbox-inc Postbox -
Microsoft Outlook 2016
1 Github repository
1 Article
3.3
CVSSv3
CVE-2021-3349
GNOME Evolution up to and including 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, a...
Gnome Evolution
NA
CVE-2011-3201
GNOME Evolution prior to 3.2.3 allows user-assisted remote malicious users to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
Oracle Solaris 11.2
Gnome Evolution 2.4
Gnome Evolution 2.0.1
Gnome Evolution 2.3.6
Gnome Evolution 1.11
Gnome Evolution 1.5
Gnome Evolution 1.2.4
Gnome Evolution 1.4.5
Gnome Evolution 1.4.6
Gnome Evolution 2.0.2
Gnome Evolution 2.12.3
Gnome Evolution 2.3.5
Gnome Evolution 1.4.4
Gnome Evolution 2.24.5
Gnome Evolution 2.26.1
Gnome Evolution 1.2.1
Gnome Evolution 2.3.2
Gnome Evolution 2.2
Gnome Evolution 2.6
Gnome Evolution 1.0.8
Gnome Evolution 2.22.1
Gnome Evolution
NA
CVE-2012-1177
libgdata prior to 0.10.2 and 0.11.x prior to 0.11.1 does not validate SSL certificates, which allows remote malicious users to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
Gnome Libgdata
NA
CVE-2009-1631
The Mailer component in Evolution 2.26.1 and previous versions uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
Gnome Evolution
Gnome Evolution 1.4.6
Gnome Evolution 1.4.5
Gnome Evolution 1.2.1
Gnome Evolution 1.2
Gnome Evolution 2.0.2
Gnome Evolution 2.0.1
Gnome Evolution 2.0.0
Gnome Evolution 1.2.3
Gnome Evolution 1.2.2
Gnome Evolution 2.24
Gnome Evolution 2.12
Gnome Evolution 1.4.4
Gnome Evolution 1.4.3
Gnome Evolution 1.0.8
Gnome Evolution 2.6
Gnome Evolution 2.4
Gnome Evolution 1.4
Gnome Evolution 1.2.4
NA
CVE-2009-0582
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and previous versions, and 2.25.92 and previous versions 2.25.x versions, does not validate whether a certain leng...
Gnome Evolution-data-server
Gnome Evolution-data-server 2.25.92
NA
CVE-2008-3533
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and prior to 2.24 allows remote malicious users to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp wi...
Gnome Yelp
Gnome Gnome 2.20
Gnome Gnome 2.22
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »