CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3349
https://notcve.org/view.php?id=CVE-2021-3349
01 Feb 2021 — GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior ** EN DISPUTA ** GNOME Evolution versiones hasta 3.38.3, produce un mensaje "Valid signature" para un identificador desconocido en una clave previamente confiable porque Evolution no ... • https://dev.gnupg.org/T4735 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-11879
https://notcve.org/view.php?id=CVE-2020-11879
17 Apr 2020 — An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. Se descubrió un problema en GNOME Evolution anterior a la versión 3.35.91. Al utilizar el parámetro "mailto Attach = ..." patentado (no RFC6068), un sitio web (u otra fuente de enla... • https://gitlab.gnome.org/GNOME/evolution/-/blob/master/NEWS •
CVSS: 6.5EPSS: 2%CPEs: 2EXPL: 2CVE-2018-15587 – evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages
https://notcve.org/view.php?id=CVE-2018-15587
11 Feb 2019 — GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment. GNOME Evolution, hasta la versión 3.28.2, es propenso a que las firmas OpenPGP sean suplantadas para mensajes arbitrarios empleando un correo electrónico especialmente manipulado que contiene una firma válida de la entidad que será suplantada como adjunto. Evolution is a GNOME application that p... • https://packetstorm.news/files/id/152703 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 1CVE-2016-10727 – Ubuntu Security Notice USN-3724-1
https://notcve.org/view.php?id=CVE-2016-10727
20 Jul 2018 — camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly. camel/providers/imapx/camel-imapx-server.c en el componente IMAPx en GNO... • https://bugzilla.redhat.com/show_bug.cgi?id=1334842 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12422
https://notcve.org/view.php?id=CVE-2018-12422
15 Jun 2018 — addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap. ** EN DISPUTA ** addressbook/backends/ldap/e-book-backend-ldap.c en Evolution-Data-Server en GNOME Evolution hasta la versión 3.29.2... • https://bugzilla.gnome.org/show_bug.cgi?id=796174 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4166 – evolution: incorrect selection of recipient gpg public key for encrypted mail
https://notcve.org/view.php?id=CVE-2013-4166
01 Aug 2013 — The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information. La función gpg_ctx_add_recipient en el archivo camel/camel-gpg-context.c en GNOME Evolution versiones 3.8.4 y anteriores y Evolution Data Server versiones 3.9.5 y anteriores, no ... • http://rhn.redhat.com/errata/RHSA-2013-1540.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-697: Incorrect Comparison •
CVSS: 6.5EPSS: 0%CPEs: 49EXPL: 0CVE-2011-3201 – evolution: mailto URL scheme attachment header improper input validation
https://notcve.org/view.php?id=CVE-2011-3201
08 Mar 2013 — GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email. GNOME Evolution antes de v3.2.3 permite leer archivos de su elección a atacantes remotos con la yuda del usuario local a través del parámetro 'attachment' a una URL mailto: , que adjunta el archivo al correo electrónico. • http://rhn.redhat.com/errata/RHSA-2013-0516.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-356: Product UI does not Warn User of Unsafe Actions •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2010-3929
https://notcve.org/view.php?id=CVE-2010-3929
02 Feb 2011 — SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch. Vulnerabilidad de inyección SQL en MODx Evolution v1.0.4 y anteriores permite a atacantes remotos ejecutar comandos SQL a través de vectores desconocidos relacionados con ajaxsearch. • http://jvn.jp/en/jp/JVN54092716/index.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2010-3930
https://notcve.org/view.php?id=CVE-2010-3930
02 Feb 2011 — Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecified vectors related to AjaxSearch, a different vulnerability than CVE-2010-1427. Vulnerabilidad de salto de directorio en MODx Evolution v1.0.4 y anteriores permite a atacantes remotos leer archivos de su elección a través de vectores no especificados relacionados con ajaxsearch, una vulnerabilidad diferente de CVE-2010-1427. • http://jvn.jp/en/jp/JVN95385972/index.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2011-0741
https://notcve.org/view.php?id=CVE-2011-0741
02 Feb 2011 — Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor. Ejecución de secuencias de comandos en sitios cruzados (XSS) en modx Evolución anterior a v1.0.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del instalador (1) o (2) editor de imagen. • http://modxcms.com/forums/index.php/topic%2C60045.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •