Vulnerabilities > Gnome > Evolution
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2009-3721 | Path Traversal vulnerability in multiple products Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. | 6.8 |
| 2021-02-01 | CVE-2021-3349 | Insufficient Verification of Data Authenticity vulnerability in Gnome Evolution GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. | 3.3 |
| 2020-04-17 | CVE-2020-11879 | Unspecified vulnerability in Gnome Evolution An issue was discovered in GNOME Evolution before 3.35.91. network gnome | 4.3 |
| 2020-02-06 | CVE-2013-4166 | Information Exposure vulnerability in multiple products The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. | 7.5 |
| 2019-02-11 | CVE-2018-15587 | Improper Verification of Cryptographic Signature vulnerability in multiple products GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | 4.3 |
| 2018-07-20 | CVE-2016-10727 | Information Exposure vulnerability in multiple products camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
| 2018-06-15 | CVE-2018-12422 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Evolution addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. | 9.8 |
| 2018-05-16 | CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | 4.3 |
| 2009-08-03 | CVE-2009-2404 | Buffer Errors vulnerability in Mozilla Network Security Services 3.12.3 Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. | 9.3 |
| 2009-05-14 | CVE-2009-1631 | Permissions, Privileges, and Access Controls vulnerability in Gnome Evolution The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. | 2.1 |