Page 2 of 9 results (0.017 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. La función gpg_ctx_add_recipient en el archivo camel/camel-gpg-context.c en GNOME Evolution versiones 3.8.4 y anteriores y Evolution Data Server versiones 3.9.5 y anteriores, no selecciona apropiadamente la clave GPG que se usa para el cifrado de correo electrónico, lo que podría causar que el correo electrónico sea cifrado con la clave errada y permitir a atacantes remotos obtener información confidencial. • http://rhn.redhat.com/errata/RHSA-2013-1540.html http://seclists.org/oss-sec/2013/q3/191 https://bugzilla.redhat.com/show_bug.cgi?id=973728 https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5 https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d https://access.redhat.com/security/cve/CVE-2013-4166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-697: Incorrect Comparison •

CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email. GNOME Evolution antes de v3.2.3 permite leer archivos de su elección a atacantes remotos con la yuda del usuario local a través del parámetro 'attachment' a una URL mailto: , que adjunta el archivo al correo electrónico. • http://rhn.redhat.com/errata/RHSA-2013-0516.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://bugzilla.gnome.org/show_bug.cgi?id=657374 https://bugzilla.redhat.com/show_bug.cgi?id=733504 https://exchange.xforce.ibmcloud.com/vulnerabilities/82450 https://git.gnome.org/browse/evolution/commit/?id=0a478083fa31aec0059bc6feacc054226fe55b56 https://git.gnome.org/browse/evolution/commit/?id=588c410718068388f8ce0004a71c104a4c89cce3 https://access.redhat.com/security/cve/CVE-20 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-356: Product UI does not Warn User of Unsafe Actions •

CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 1

The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. El componente Mailer en Evolution v2.26.1 y versiones anteriores utiliza permisos de lectura para todos para el directorio .evolution, y determinados directorios y ficheros bajo .evolution/ relacionados con el correo local, lo cual permite a usuarios locales obtener información sensible a través de la lectura de esos ficheros. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409 http://bugzilla.gnome.org/show_bug.cgi?id=581604 http://www.openwall.com/lists/oss-security/2009/05/12/6 http://www.securityfocus.com/bid/34921 https://bugzilla.redhat.com/show_bug.cgi?id=498648 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077. Evolution v2.22.3.1, comprueba las firmas S/MIME contra una copia del texto del correo electrónico con un campo de datos firmados, la copia del texto del correo no se muestra al usuario, esto permite a atacantes remotos falsificar la firma modificando la copia posterior. Se trata de una vulnerabilidad diferente de CVE-2008-5077. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479 http://bugzilla.gnome.org/show_bug.cgi?id=564465 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://openwall.com/lists/oss-security/2009/02/10/7 http://secunia.com/advisories/33848 http://secunia.com/advisories/34338 http://secunia.com/advisories • CWE-310: Cryptographic Issues •