VYPR
Vendor: Evolution

Products: 4
CVEs: 16
Across products: 16
Status: Private

Recent CVEs: 16
  • CVE-2006-4678 (Sep 11, 2006)
    risk 0.03 | cvss | epss 0.02

    PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.

  • CVE-2023-43340 (Oct 19, 2023)
    risk 0.00 | cvss | epss 0.00

    Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters.

  • CVE-2022-4869 (Jan 5, 2023)
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information…

  • CVE-2009-3721 (May 26, 2021)
    risk 0.00 | cvss | epss 0.02

    Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially…

  • CVE-2011-3355 (Nov 25, 2019)
    risk 0.00 | cvss | epss 0.01

    evolution-data-server3 3.0.3 through 3.2.1 used an insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.

  • CVE-2019-3890 (Aug 1, 2019)
    risk 0.00 | cvss | epss 0.01

    It was discovered that evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

  • CVE-2009-0587 (Mar 14, 2009)
    risk 0.00 | cvss | epss 0.03

    Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2)…

  • CVE-2009-0582 (Mar 14, 2009)
    risk 0.00 | cvss | epss 0.02

    The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is…

  • CVE-2009-0547 (Feb 12, 2009)
    risk 0.00 | cvss | epss 0.02

    Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than…

  • CVE-2008-1108 (Jun 4, 2008)
    risk 0.00 | cvss | epss 0.06

    Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

  • CVE-2008-1109 (Jun 4, 2008)
    risk 0.00 | cvss | epss 0.06

    Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).

  • CVE-2008-0072 (Mar 6, 2008)
    risk 0.00 | cvss | epss 0.05

    Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

  • CVE-2007-1002 (Mar 21, 2007)
    risk 0.00 | cvss | epss 0.03

    Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a…

  • CVE-2005-2549 (Aug 12, 2005)
    risk 0.00 | cvss | epss 0.04

    Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.

  • CVE-2005-2550 (Aug 12, 2005)
    risk 0.00 | cvss | epss 0.04

    Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

  • CVE-2003-0296 (Jun 16, 2003)
    risk 0.00 | cvss | epss 0.02

    The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.