CVSS: 5.9 • EPSS: 0% • CPEs: 2 • EXPL: 1

29 Jul 2020 — In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server. • https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5 • CWE-476: NULL Pointer Dereference

CVSS: 5.9 • EPSS: 4% • CPEs: 7 • EXPL: 1

17 Jul 2020 — evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection." • https://bugzilla.suse.com/show_bug.cgi?id=1173910 • CWE-20: Improper Input Validation • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 9.1 • EPSS: 3% • CPEs: 2 • EXPL: 0

14 Mar 2009 — The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-20: Improper Input Validation

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

14 Mar 2009 — Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html • CWE-189: Numeric Errors • CWE-190: Integer Overflow or Wraparound