VYPR

Evolution Data Server

by GNOME Foundation

CVEs (7)

  • CVE-2018-12422 | Critical | Jun 15, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code…

  • CVE-2016-10727 | Critical | Jul 20, 2018
    risk 0.57 | cvss 9.8 | epss 0.03

    camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers…

  • CVE-2013-4166 | High | Feb 6, 2020
    risk 0.49 | cvss 7.5 | epss 0.02

    The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and…

  • CVE-2020-16117 | Medium | Jul 29, 2020
    risk 0.00 | cvss 5.9 | epss 0.02

    In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

  • CVE-2020-14928 | Medium | Jul 17, 2020
    risk 0.00 | cvss 5.9 | epss 0.03

    evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

  • CVE-2009-0582 | Mar 14, 2009
    risk 0.00 | cvss | epss 0.02

    The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is…

  • CVE-2007-3257 | Jun 19, 2007
    risk 0.00 | cvss | epss 0.03

    Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.