Vulnerabilities > Gnome > Evolution > 1.2.3

DATE CVE VULNERABILITY TITLE RISK
2021-02-01 CVE-2021-3349 Insufficient Verification of Data Authenticity vulnerability in Gnome Evolution
GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API.
local
low complexity
gnome CWE-345
3.3
2020-04-17 CVE-2020-11879 Unspecified vulnerability in Gnome Evolution
An issue was discovered in GNOME Evolution before 3.35.91.
network
gnome
4.3
2020-02-06 CVE-2013-4166 Information Exposure vulnerability in multiple products
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.
network
low complexity
gnome redhat CWE-200
7.5
2019-02-11 CVE-2018-15587 Improper Verification of Cryptographic Signature vulnerability in multiple products
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
network
gnome debian CWE-347
4.3
2018-07-20 CVE-2016-10727 Information Exposure vulnerability in multiple products
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
canonical gnome CWE-200
5.0
2018-06-15 CVE-2018-12422 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Evolution
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function.
network
low complexity
gnome CWE-119
critical
9.8
2009-05-14 CVE-2009-1631 Permissions, Privileges, and Access Controls vulnerability in Gnome Evolution
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
local
low complexity
gnome CWE-264
2.1
2008-03-06 CVE-2008-0072 USE of Externally-Controlled Format String vulnerability in Gnome Evolution
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
network
linux gnome CWE-134
6.8
2007-03-06 CVE-2007-1266 Unspecified vulnerability in Gnome Evolution
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
network
low complexity
gnome
5.0
2005-01-24 CVE-2005-0102 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.
network
low complexity
gnome debian CWE-190
critical
9.8