CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1427
https://notcve.org/view.php?id=CVE-2010-1427
15 Apr 2010 — Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin SearchHighlight en MODx Evolution anterior v1.0.3 permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores desconocidos relacionados con AjaxSearch. • http://jvn.jp/en/jp/JVN46669729/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 1CVE-2009-1631
https://notcve.org/view.php?id=CVE-2009-1631
14 May 2009 — The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. El componente Mailer en Evolution v2.26.1 y versiones anteriores utiliza permisos de lectura para todos para el directorio .evolution, y determinados directorios y ficheros bajo .evolution/ relacionados con el correo local, lo cual permite a... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0547 – evolution-data-server: S/MIME signatures are considered to be valid even for modified messages (MITM)
https://notcve.org/view.php?id=CVE-2009-0547
12 Feb 2009 — Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077. Evolution v2.22.3.1, comprueba las firmas S/MIME contra una copia del texto del correo electrónico con un campo de datos firmados, la copia del texto del correo no se muestra al usuario, esto permite a atacantes remotos falsi... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 24%CPEs: 1EXPL: 0CVE-2008-1108 – evolution: iCalendar buffer overflow via large timezone specification
https://notcve.org/view.php?id=CVE-2008-1108
04 Jun 2008 — Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. Desbordamiento de búfer en Evolution 2.22.1, cuando el plugin ITip Formates está desactivado, permite a atacantes remotos ejecutar código arbitrario a través de una cadena "timezone" larga en un adjunto iCalendar. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 20%CPEs: 1EXPL: 0CVE-2008-1109 – evolution: iCalendar buffer overflow via large description parameter
https://notcve.org/view.php?id=CVE-2008-1109
04 Jun 2008 — Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window). Desbordamiento de Búfer basado en montículo en Evolution 2.22.1 permite a atacantes remotos asistidos por el usuario, ejecutar código arbitrariamente mediante una propiedad DESCRIPTION larga en un adjunto iCalendar, que no es gestionado correctame... • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 76%CPEs: 2EXPL: 0CVE-2008-0072 – Evolution format string flaw
https://notcve.org/view.php?id=CVE-2008-0072
06 Mar 2008 — Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. Una vulnerabilidad de cadena de formato en la función emf_multipart_encrypted en el archivo mail/em-format.c en Evolution versión 2.12.3 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un mensaje encriptado diseñado, tal y como es dem... • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2007-3257 – evolution malicious server arbitrary code execution
https://notcve.org/view.php?id=CVE-2007-3257
19 Jun 2007 — Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. Camel (camel-imap-folder.c) en el componente de mensajería (mailer) para Evolution Data Server 1.11 permite a servidores IMAP remotos ejecutar código de su elección mediante un valor negativo de SEQUENCE en GData, lo cual se usa como índice de una rray. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 2CVE-2007-1266 – Gnome Evolution 2.x - GnuPG Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1266
06 Mar 2007 — Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Evolution 2.8.1 y anteriores no utilizan adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Evolution no distinga visualmente entre trozos firmados y no firmados de me... • https://www.exploit-db.com/exploits/29691 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2006-2789
https://notcve.org/view.php?id=CVE-2006-2789
02 Jun 2006 — Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. • http://bugzilla.gnome.org/show_bug.cgi?id=309453 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2006-0040
https://notcve.org/view.php?id=CVE-2006-0040
10 Mar 2006 — GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. • http://secunia.com/advisories/19094 •