CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12422
https://notcve.org/view.php?id=CVE-2018-12422
15 Jun 2018 — addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap. ** EN DISPUTA ** addressbook/backends/ldap/e-book-backend-ldap.c en Evolution-Data-Server en GNOME Evolution hasta la versión 3.29.2... • https://bugzilla.gnome.org/show_bug.cgi?id=796174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 1CVE-2017-17689 – Debian Security Advisory 4244-1
https://notcve.org/view.php?id=CVE-2017-17689
16 May 2018 — The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. La especificación S/MIME permite un ataque malleability-gadget Cipher Block Chaining (CBC) que puede conducir indirectamente a la exfiltración en texto plano. Esto también se conoce como EFAIL. Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. • http://www.securityfocus.com/bid/104165 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4166 – evolution: incorrect selection of recipient gpg public key for encrypted mail
https://notcve.org/view.php?id=CVE-2013-4166
01 Aug 2013 — The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. La función gpg_ctx_add_recipient en el archivo camel/camel-gpg-context.c en GNOME Evolution versiones 3.8.4 y anteriores y Evolution Data Server versiones 3.9.5 y anteriores, no ... • http://rhn.redhat.com/errata/RHSA-2013-1540.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-697: Incorrect Comparison •
CVSS: 6.5EPSS: 0%CPEs: 49EXPL: 0CVE-2011-3201 – evolution: mailto URL scheme attachment header improper input validation
https://notcve.org/view.php?id=CVE-2011-3201
08 Mar 2013 — GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email. GNOME Evolution antes de v3.2.3 permite leer archivos de su elección a atacantes remotos con la yuda del usuario local a través del parámetro 'attachment' a una URL mailto: , que adjunta el archivo al correo electrónico. • http://rhn.redhat.com/errata/RHSA-2013-0516.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 9.8EPSS: 21%CPEs: 7EXPL: 0CVE-2009-2404 – nss regexp heap overflow
https://notcve.org/view.php?id=CVE-2009-2404
03 Aug 2009 — Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. Desbordamiento de búfer basado en memoria dinámica en el an... • http://rhn.redhat.com/errata/RHSA-2009-1185.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 1CVE-2009-1631
https://notcve.org/view.php?id=CVE-2009-1631
14 May 2009 — The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. El componente Mailer en Evolution v2.26.1 y versiones anteriores utiliza permisos de lectura para todos para el directorio .evolution, y determinados directorios y ficheros bajo .evolution/ relacionados con el correo local, lo cual permite a... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 3%CPEs: 2EXPL: 0CVE-2009-0582 – evolution-data-server: insufficient checking of NTLM authentication challenge packets
https://notcve.org/view.php?id=CVE-2009-0582
14 Mar 2009 — The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2008-1108 – evolution: iCalendar buffer overflow via large timezone specification
https://notcve.org/view.php?id=CVE-2008-1108
04 Jun 2008 — Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. Desbordamiento de búfer en Evolution 2.22.1, cuando el plugin ITip Formates está desactivado, permite a atacantes remotos ejecutar código arbitrario a través de una cadena "timezone" larga en un adjunto iCalendar. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 1EXPL: 0CVE-2008-1109 – evolution: iCalendar buffer overflow via large description parameter
https://notcve.org/view.php?id=CVE-2008-1109
04 Jun 2008 — Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window). Desbordamiento de Búfer basado en montículo en Evolution 2.22.1 permite a atacantes remotos asistidos por el usuario, ejecutar código arbitrariamente mediante una propiedad DESCRIPTION larga en un adjunto iCalendar, que no es gestionado correctame... • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 12%CPEs: 2EXPL: 0CVE-2008-0072 – Evolution format string flaw
https://notcve.org/view.php?id=CVE-2008-0072
06 Mar 2008 — Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. Una vulnerabilidad de cadena de formato en la función emf_multipart_encrypted en el archivo mail/em-format.c en Evolution versión 2.12.3 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un mensaje encriptado diseñado, tal y como es dem... • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html • CWE-134: Use of Externally-Controlled Format String •