CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4166 – evolution: incorrect selection of recipient gpg public key for encrypted mail
https://notcve.org/view.php?id=CVE-2013-4166
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. La función gpg_ctx_add_recipient en el archivo camel/camel-gpg-context.c en GNOME Evolution versiones 3.8.4 y anteriores y Evolution Data Server versiones 3.9.5 y anteriores, no selecciona apropiadamente la clave GPG que se usa para el cifrado de correo electrónico, lo que podría causar que el correo electrónico sea cifrado con la clave errada y permitir a atacantes remotos obtener información confidencial. • http://rhn.redhat.com/errata/RHSA-2013-1540.html http://seclists.org/oss-sec/2013/q3/191 https://bugzilla.redhat.com/show_bug.cgi?id=973728 https://git.gnome.org/browse/evolution-data-server/commit/?h=gnome-3-8&id=f7059bb37dcce485d36d769142ec9515708d8ae5 https://git.gnome.org/browse/evolution-data-server/commit/?id=5d8b92c622f6927b253762ff9310479dd3ac627d https://access.redhat.com/security/cve/CVE-2013-4166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-697: Incorrect Comparison •
CVSS: 4.3EPSS: 0%CPEs: 49EXPL: 0CVE-2011-3201 – evolution: mailto URL scheme attachment header improper input validation
https://notcve.org/view.php?id=CVE-2011-3201
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email. GNOME Evolution antes de v3.2.3 permite leer archivos de su elección a atacantes remotos con la yuda del usuario local a través del parámetro 'attachment' a una URL mailto: , que adjunta el archivo al correo electrónico. • http://rhn.redhat.com/errata/RHSA-2013-0516.html http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html https://bugzilla.gnome.org/show_bug.cgi?id=657374 https://bugzilla.redhat.com/show_bug.cgi?id=733504 https://exchange.xforce.ibmcloud.com/vulnerabilities/82450 https://git.gnome.org/browse/evolution/commit/?id=0a478083fa31aec0059bc6feacc054226fe55b56 https://git.gnome.org/browse/evolution/commit/?id=588c410718068388f8ce0004a71c104a4c89cce3 https://access.redhat.com/security/cve/CVE-20 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 1CVE-2009-1631
https://notcve.org/view.php?id=CVE-2009-1631
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. El componente Mailer en Evolution v2.26.1 y versiones anteriores utiliza permisos de lectura para todos para el directorio .evolution, y determinados directorios y ficheros bajo .evolution/ relacionados con el correo local, lo cual permite a usuarios locales obtener información sensible a través de la lectura de esos ficheros. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409 http://bugzilla.gnome.org/show_bug.cgi?id=581604 http://www.openwall.com/lists/oss-security/2009/05/12/6 http://www.securityfocus.com/bid/34921 https://bugzilla.redhat.com/show_bug.cgi?id=498648 • CWE-264: Permissions, Privileges, and Access Controls •