Vulnerabilities > Gnome > Evolution > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-26 | CVE-2009-3721 | Path Traversal vulnerability in multiple products. Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. | 6.8 |
2020-04-17 | CVE-2020-11879 | Unspecified vulnerability in GNOME Evolution. An issue was discovered in GNOME Evolution before 3.35.91. | 4.3 |
2019-02-11 | CVE-2018-15587 | Improper Verification of Cryptographic Signature vulnerability in multiple products. GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. | 4.3 |
2018-07-20 | CVE-2016-10727 | Information Exposure vulnerability in multiple products. camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.0 |
2018-05-16 | CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | 4.3 |
2008-03-06 | CVE-2008-0072 | Use of Externally-Controlled Format String vulnerability in GNOME Evolution. Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. | 6.8 |
2007-06-19 | CVE-2007-3257 | Unspecified vulnerability in GNOME Evolution 1.11. Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | 6.8 |
2007-03-06 | CVE-2007-1266 | Unspecified vulnerability in GNOME Evolution. Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | 5.0 |
2006-03-10 | CVE-2006-0040 | Denial of Service vulnerability in GNOME Evolution 2.4.2.1. GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. | 5.0 |
2006-02-02 | CVE-2006-0528 | Buffer Overflow vulnerability in GNOME Evolution Inline XML File Attachment. The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. | 5.0 |