Evolution

evolution

Vendor: Gnome • 21 CVEs

CVEs (21)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-3721 2Gnome Ytnef Project 2Evolution Ytnef Nov 21, 2024 May 26, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitr...Show more Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.Show less
CVE-2021-3349 1Gnome 1Evolution Nov 21, 2024 Feb 1, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dis...Show more GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behaviorShow less
CVE-2020-11879 1Gnome 1Evolution Nov 21, 2024 Apr 17, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or direct...Show more An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.Show less
CVE-2013-4166 2Gnome Redhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Nov 21, 2024 Feb 6, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which mig...Show more The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.Show less
CVE-2018-15587 2Debian Gnome 2Debian Linux Evolution Nov 21, 2024 Feb 11, 2019 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
CVE-2016-10727 2Canonical Gnome 2Evolution Ubuntu Linux Nov 21, 2024 Jul 20, 2018 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will n...Show more camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.Show less
CVE-2018-12422 1Gnome 1Evolution Nov 21, 2024 Jun 15, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOT...Show more addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap.Show less
CVE-2017-17689 169folders AppleBloop+13 more 17Airmail EmclientEvolution+14 more Nov 21, 2024 May 16, 2018 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVE-2011-3201 3Gnome OracleRedhat 5Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+2 more Apr 29, 2026 Mar 8, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
CVE-2009-1631 1Gnome 1Evolution Apr 23, 2026 May 14, 2009 N/A· v4 N/A· v3 2.1 LOW· v2 The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to ob...Show more The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.Show less
CVE-2008-1109 1Gnome 1Evolution Apr 23, 2026 Jun 4, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in t...Show more Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).Show less
CVE-2008-1108 1Gnome 1Evolution Apr 23, 2026 Jun 4, 2008 N/A· v4 N/A· v3 7.6 HIGH· v2 Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.
CVE-2008-0072 1Gnome 1Evolution Apr 23, 2026 Mar 6, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated u...Show more Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.Show less
CVE-2007-3257 1Gnome 1Evolution Apr 23, 2026 Jun 19, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
CVE-2007-1266 1Gnome 1Evolution Apr 23, 2026 Mar 6, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple...Show more Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.Show less
CVE-2006-2789 1Gnome 1Evolution Apr 16, 2026 Jun 2, 2006 N/A· v4 N/A· v3 2.6 LOW· v2 Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an...Show more Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.Show less
CVE-2006-0040 1Gnome 1Evolution Apr 16, 2026 Mar 10, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.
CVE-2006-0528 1Gnome 1Evolution Apr 16, 2026 Feb 2, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Dispos...Show more The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.Show less
CVE-2005-2550 1Gnome 1Evolution Apr 16, 2026 Aug 12, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not pro...Show more Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.Show less
CVE-2005-2549 1Gnome 1Evolution Apr 16, 2026 Aug 12, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remot...Show more Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.Show less

12 Next