CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Feb 2021 — GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior. • https://dev.gnupg.org/T4735 • CWE-345: Insufficient Verification of Data Authenticity

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Apr 2020 — An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. • https://gitlab.gnome.org/GNOME/evolution/-/blob/master/NEWS

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

11 Feb 2019 — GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. Evolution is a GNOME application that p... • https://packetstorm.news/files/id/152703 • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 1

20 Jul 2018 — camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly. • https://bugzilla.redhat.com/show_bug.cgi?id=1334842 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jun 2018 — addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap." • https://bugzilla.gnome.org/show_bug.cgi?id=796174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

01 Aug 2013 — The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. • http://rhn.redhat.com/errata/RHSA-2013-1540.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-697: Incorrect Comparison

CVSS: 6.5 • EPSS: 0% • CPEs: 49 • EXPL: 0

08 Mar 2013 — GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email. • http://rhn.redhat.com/errata/RHSA-2013-0516.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-356: Product UI does not Warn User of Unsafe Actions

CVSS: 5.5 • EPSS: 0% • CPEs: 19 • EXPL: 1

14 May 2009 — The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 8.8 • EPSS: 76% • CPEs: 2 • EXPL: 0

06 Mar 2008 — Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html • CWE-134: Use of Externally-Controlled Format String

CVSS: 7.5 • EPSS: 3% • CPEs: 1 • EXPL: 2

06 Mar 2007 — Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. • https://www.exploit-db.com/exploits/29691