DATE CVE VULNERABILITY TITLE RISK
2008-06-04 CVE-2008-1109 Buffer Errors vulnerability in Gnome Evolution 2.22.1
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
network; gnome, CWE-119; Risk: critical, 9.3

2008-06-04 CVE-2008-1108 Buffer Errors vulnerability in Gnome Evolution 2.2.1
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.
network, high complexity; gnome, CWE-119; Risk: 7.6

2008-03-06 CVE-2008-0072 Use of Externally-Controlled Format String vulnerability in Gnome Evolution
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
network; linux, gnome, CWE-134; Risk: 6.8

2007-06-19 CVE-2007-3257 Unspecified vulnerability in Gnome Evolution 1.11
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
network; gnome; Risk: 6.8

2007-03-06 CVE-2007-1266 Unspecified vulnerability in Gnome Evolution
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
network, low complexity; gnome; Risk: 5.0

2006-06-02 CVE-2006-2789 Denial Of Service vulnerability in GNOME Evolution Email Attachment
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.
network, high complexity; gnome; Risk: 2.6

2006-03-10 CVE-2006-0040 Denial Of Service vulnerability in Gnome Evolution 2.4.2.1
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.
network, low complexity; gnome; Risk: 5.0

2006-02-02 CVE-2006-0528 Buffer Overflow vulnerability in GNOME Evolution Inline XML File Attachment
The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.
network, low complexity; gnome; Risk: 5.0

2005-08-12 CVE-2005-2550 Format String vulnerability in GNOME Evolution
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.
network, low complexity; gnome; Risk: 7.5

2005-08-12 CVE-2005-2549 Format String vulnerability in GNOME Evolution
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.
network, low complexity; gnome; Risk: 7.5