Vulnerabilities > Gnome > Evolution > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-26 CVE-2009-3721 Path Traversal vulnerability in multiple products
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF.
6.8
2020-04-17 CVE-2020-11879 Unspecified vulnerability in Gnome Evolution
An issue was discovered in GNOME Evolution before 3.35.91.
network
gnome
4.3
2019-02-11 CVE-2018-15587 Improper Verification of Cryptographic Signature vulnerability in multiple products
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
network
gnome debian CWE-347
4.3
2018-07-20 CVE-2016-10727 Information Exposure vulnerability in multiple products
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
canonical gnome CWE-200
5.0
2018-05-16 CVE-2017-17689 The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
4.3
2008-03-06 CVE-2008-0072 Use of Externally-Controlled Format String vulnerability in Gnome Evolution
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
network
linux gnome CWE-134
6.8
2007-06-19 CVE-2007-3257 Unspecified vulnerability in Gnome Evolution 1.11
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
network
gnome
6.8
2007-03-06 CVE-2007-1266 Unspecified vulnerability in Gnome Evolution
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
network
low complexity
gnome
5.0
2006-03-10 CVE-2006-0040 Denial Of Service vulnerability in Gnome Evolution 2.4.2.1
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.
network
low complexity
gnome
5.0
2006-02-02 CVE-2006-0528 Buffer Overflow vulnerability in GNOME Evolution Inline XML File Attachment
The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.
network
low complexity
gnome
5.0