CVE-2007-1266 – Gnome Evolution 2.x - GnuPG Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1266
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Evolution 2.8.1 y anteriores no utilizan adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Evolution no distinga visualmente entre trozos firmados y no firmados de mensajes OpenPGP con múltiples componentes, lo cual permite a atacantes remotos falsificar el contenido de un mensaje si ser detectado. • https://www.exploit-db.com/exploits/29691 http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html http://secunia.com/advisories/24412 http://securityreason.com/securityalert/2353 http://www.coresecurity.com/?action=item&id=1687 http://www.securityfocus.com/archive/1/461958/100/0/threaded http://www.securityfocus.com/archive/1/461958/30/7710/threaded http://www.securityfocus.com/bid/22760 http://www.securitytracker.com/id?1017727 http://www.vupen.com/english/ad •
CVE-2005-2549
https://notcve.org/view.php?id=CVE-2005-2549
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. • http://marc.info/?l=full-disclosure&m=112368237712032&w=2 http://secunia.com/advisories/16394 http://secunia.com/advisories/19380 http://www.debian.org/security/2006/dsa-1016 http://www.mandriva.com/security/advisories?name=MDKSA-2005:141 http://www.novell.com/linux/security/advisories/2005_54_evolution.html http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html http://www.redhat.com/support/errata/RHSA-2005-267.html http://www.securityfocus.com/archive •
CVE-2005-2550
https://notcve.org/view.php?id=CVE-2005-2550
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. • http://marc.info/?l=full-disclosure&m=112368237712032&w=2 http://secunia.com/advisories/16394 http://secunia.com/advisories/19380 http://www.debian.org/security/2006/dsa-1016 http://www.mandriva.com/security/advisories?name=MDKSA-2005:141 http://www.novell.com/linux/security/advisories/2005_54_evolution.html http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html http://www.redhat.com/support/errata/RHSA-2005-267.html http://www.securityfocus.com/archive •
CVE-2005-0102
https://notcve.org/view.php?id=CVE-2005-0102
Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000925 http://secunia.com/advisories/13830 http://security.gentoo.org/glsa/glsa-200501-35.xml http://securitytracker.com/id?1012981 http://www.debian.org/security/2005/dsa-673 http://www.mandriva.com/security/advisories?name=MDKSA-2005:024 http://www.redhat.com/support/errata/RHSA-2005-238.html http://www.redhat.com/support/errata/RHSA-2005-397.html http://www.securityfocus.com/bid/12354 https://exchange.xforce. • CWE-190: Integer Overflow or Wraparound •