This CPE summary may be partial or incomplete.

Summary

Vendor: Gnome
Product: Evolution
Version: 2.22.1
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:gnome:evolution

Detail

First view: 2008-06-04
Last view: 2021-02-01
Type: Application

Related : CVE

Alert (CVSS score) Date CVE, each followed by its description
3.3 2021-02-01 CVE-2021-3349

** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior.

6.5 2020-04-17 CVE-2020-11879

An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.

7.5 2020-02-06 CVE-2013-4166

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.

6.5 2019-02-11 CVE-2018-15587

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

9.8 2018-07-20 CVE-2016-10727

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.
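
The downgrade described above, as an added example rather than evolution-data-server's own code: a constructed in-memory IMAP server (FakeImapServer) that may refuse or not advertise STARTTLS, and a client routine (imap_connect) with the vulnerable fall-through beside the check the CVE text says was intended. The command tags, the server reply strings and the password_on_the_wire helper are assumptions for illustration; the TLS handshake itself and certificate verification are out of scope.

```python
"""Added example (not evolution-data-server code): the IMAP pre-login
exchange behind CVE-2016-10727, with the downgrade path beside the check
that prevents it. FakeImapServer is a constructed in-memory stand-in."""


class FakeImapServer:
    """Constructed stand-in for an IMAP server (RFC 3501 greeting, STARTTLS, LOGIN).

    It records each client line together with whether TLS was active when
    it arrived, which is exactly what an on-path sniffer would see.
    """

    def __init__(self, advertise_starttls=True, accept_starttls=True):
        self.advertise_starttls = advertise_starttls
        self.accept_starttls = accept_starttls
        self.tls = False
        self.received = []  # (line, tls_active_when_sent)

    def greeting(self):
        caps = "IMAP4rev1" + (" STARTTLS" if self.advertise_starttls else "")
        return f"* OK [CAPABILITY {caps}] ready"

    def send(self, line):
        self.received.append((line, self.tls))
        tag, _, command = line.partition(" ")
        verb = command.split(" ", 1)[0].upper()
        if verb == "STARTTLS":
            if self.accept_starttls:
                self.tls = True  # handshake omitted; only the channel state matters here
                return [f"{tag} OK Begin TLS negotiation now"]
            return [f"{tag} BAD STARTTLS not available"]
        if verb == "LOGIN":
            return [f"{tag} OK LOGIN completed"]
        return [f"{tag} BAD unknown command"]

    def cleartext_lines(self):
        """Everything the client sent before TLS was up."""
        return [line for line, tls in self.received if not tls]


def imap_connect(server, user, password, want_starttls=True, enforce=True):
    """Drive the connection up to authentication.

    want_starttls: the account is configured to upgrade with STARTTLS.
    enforce=False reproduces the CVE: a failed STARTTLS is noticed, but the
    client goes on to LOGIN over the still-cleartext channel.
    enforce=True is the intended behaviour: report an error, send nothing secret.
    Returns 'authenticated-tls', 'authenticated-cleartext' or 'aborted'.
    """
    greeting = server.greeting()
    if want_starttls:
        upgraded = False
        if "STARTTLS" in greeting:
            reply = server.send("A001 STARTTLS")
            upgraded = reply[-1].startswith("A001 OK")
        if not upgraded:
            if enforce:
                return "aborted"
            # Vulnerable path: fall through and authenticate anyway.
    server.send(f"A002 LOGIN {user} {password}")
    return "authenticated-tls" if server.tls else "authenticated-cleartext"


def password_on_the_wire(server, password):
    """True if the password crossed the connection before TLS was negotiated."""
    return any(password in line for line in server.cleartext_lines())


if __name__ == "__main__":
    for enforce in (False, True):
        s = FakeImapServer(accept_starttls=False)  # server refuses the upgrade
        result = imap_connect(s, "alice", "hunter2", enforce=enforce)
        print(f"enforce={enforce}: {result}, "
              f"password sniffable={password_on_the_wire(s, 'hunter2')}")
```

With enforce=True the client stops before LOGIN as soon as the upgrade is refused or not advertised, so no line containing the password is ever written to the cleartext channel. A real client should also re-request CAPABILITY after the TLS handshake (RFC 3501 section 6.2.1) rather than trust the pre-TLS greeting, which an on-path attacker controls.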

9.8 2018-06-15 CVE-2018-12422

** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap."

4.3 2013-03-08 CVE-2011-3201

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
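
Both mailto attachment issues on this page (the attachment parameter of CVE-2011-3201 above and the attach= parameter of CVE-2020-11879) come down to honouring a parameter RFC 6068 does not define, from a link an attacker controls. The following added example, written for this page and not taken from Evolution, parses a mailto: URL accepting only the RFC 6068 header fields and refuses attach/attachment however they are percent-encoded. The spellings in ATTACH_PARAMS and the helper is_safe_mailto are assumptions for illustration.

```python
"""Added example (not Evolution's code): parse a mailto: link the way
RFC 6068 allows and refuse the non-standard attach/attachment parameters
named in CVE-2020-11879 and CVE-2011-3201."""
from urllib.parse import urlsplit, unquote

# Header fields RFC 6068 lets a link set. Anything outside this set is
# dropped (and reported) rather than acted on.
SAFE_HFIELDS = {"to", "cc", "bcc", "subject", "body"}
# Non-standard parameters that name local files. Assumed spellings: "attach"
# from the CVE-2020-11879 text plus the older "attachment" form.
ATTACH_PARAMS = {"attach", "attachment"}


class UnsafeMailto(ValueError):
    """The link tried to make the composer read a local file or directory."""


def parse_mailto(url):
    """Return (headers, dropped) for a mailto: URL.

    headers maps each field in SAFE_HFIELDS to a list of decoded values;
    dropped lists (name, value) pairs for unknown fields so a UI can warn.
    Raises UnsafeMailto for attach/attachment, however they are encoded.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "mailto":
        raise ValueError("not a mailto: URL")
    headers = {field: [] for field in SAFE_HFIELDS}
    # RFC 6068 section 2: the path is a comma-separated list of 'to' addresses.
    if parts.path:
        headers["to"].extend(a for a in unquote(parts.path).split(",") if a)
    dropped = []
    for hfield in filter(None, parts.query.split("&")):
        name, _, value = hfield.partition("=")
        # Percent-decode the *name* before comparing, so "%61ttach" cannot
        # slip past the deny check. unquote() is used rather than parse_qsl():
        # RFC 6068 keeps '+' literal, while parse_qsl turns it into a space.
        name = unquote(name).lower()
        value = unquote(value)
        if name in ATTACH_PARAMS:
            raise UnsafeMailto(f"refusing {name}={value!r}: links must not attach local files")
        if name in SAFE_HFIELDS:
            headers[name].append(value)
        else:
            dropped.append((name, value))
    return headers, dropped


def is_safe_mailto(url):
    """True if the link can be handed to a composer without any file access."""
    try:
        parse_mailto(url)
    except ValueError:  # UnsafeMailto is a ValueError; so is a non-mailto scheme
        return False
    return True


if __name__ == "__main__":
    # Constructed sample links; the first two are the shapes the CVEs describe.
    for link in ("mailto:?attach=.",
                 "mailto:victim@example.org?%61ttach=/etc/passwd",
                 "mailto:alice@example.org?subject=Hello%20there&cc=bob@example.org"):
        print(link, "->", "REFUSED" if not is_safe_mailto(link) else parse_mailto(link))
```

Refusing outright is the stricter of the two reasonable policies; the other is to keep the parameter but require an explicit, per-file confirmation before anything is attached. Either way the decision must be made on the decoded parameter name, as above, not on the raw query string.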

2.1 2009-05-14 CVE-2009-1631

The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
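
A check for the condition above, as an added example that is not Evolution's code: build a constructed stand-in for the .evolution mail store in a temporary directory, report every entry that grants any permission to group or other, then lock the tree down to 0700 for directories and 0600 for files. The directory and file names (mail/local/Inbox and so on) and the modes are assumptions for illustration, not Evolution's actual layout.

```python
"""Added example (not Evolution's code): audit a mail store directory for the
CVE-2009-1631 condition (group/other-readable directories and files) and lock
it down. The tree built under a temporary directory is a constructed stand-in
for ~/.evolution; Evolution's real layout is not reproduced."""
import os
import shutil
import stat
import tempfile

# Constructed sample: relative path -> mode. The world-readable entries model
# the CVE's "certain directories and files under .evolution/ related to local mail".
SAMPLE_DIRS = {".": 0o755, "mail": 0o755, "mail/local": 0o755}
SAMPLE_FILES = {
    "mail/local/Inbox": 0o644,             # exposed mbox
    "mail/local/Inbox.ev-summary": 0o644,  # exposed index
    "mail/local/Sent": 0o600,              # already private
}


def build_sample_tree(root):
    for rel, mode in SAMPLE_DIRS.items():
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)  # explicit chmod: mkdir(mode) would be masked by umask
    for rel, mode in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("From alice@example.org Thu Jan  1 00:00:00 2009\nSubject: constructed\n\n")
        os.chmod(path, mode)


def audit(root):
    """Return sorted (relative path, octal mode) for every entry, root included,
    that grants any permission to group or other (mode & 0o077). The CVE names
    the 'other' read bit; group bits are flagged too, since they leak as well."""
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    exposed = []
    for path in entries:
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if mode & 0o077:
            exposed.append((os.path.relpath(path, root), oct(mode)))
    return sorted(exposed)


def lock_down(root):
    """0700 on directories, 0600 on regular files; symlinks are left alone."""
    os.chmod(root, 0o700)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                os.chmod(path, 0o700)
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                os.chmod(path, 0o600)


def demo():
    """Build the sample tree, audit it, fix it, audit again; returns (before, after)."""
    root = tempfile.mkdtemp(prefix="evolution-perms-")
    try:
        build_sample_tree(root)
        before = audit(root)
        lock_down(root)
        after = audit(root)
    finally:
        shutil.rmtree(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("exposed before:", before)
    print("exposed after: ", after)
```

To run the same check against a real profile, call audit() on the actual directory instead of the constructed tree; lock_down() is deliberately blunt (it strips every group/other bit), so review the audit output first on a store that is intentionally shared.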

9.3 2008-06-04 CVE-2008-1109

Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).

CWE : Common Weakness Enumeration

% (count) CWE ID Name
37% (3) CWE-200 Information Exposure
25% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (1) CWE-347 Improper Verification of Cryptographic Signature
12% (1) CWE-345 Insufficient Verification of Data Authenticity
12% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
54679 Evolution Mailer Component .evolution Directory Permission Weakness Local Inf...
46006 Evolution iCalendar Calendar View Attachment DESCRIPTION Property Handling Ov...

OpenVAS Exploits

Date Name / File
2009-05-19 Name : Evolution Mail Client Information Disclosure Vulnerability
File : nvt/secpod_evolution_info_disc_vuln.nasl
2009-04-09 Name : Mandriva Update for evolution MDVSA-2008:111 (evolution)
File : nvt/gb_mandriva_MDVSA_2008_111.nasl
2009-03-23 Name : Ubuntu Update for evolution vulnerabilities USN-615-1
File : nvt/gb_ubuntu_USN_615_1.nasl
2009-03-06 Name : RedHat Update for evolution28 RHSA-2008:0515-01
File : nvt/gb_RHSA-2008_0515-01_evolution28.nasl
2009-02-27 Name : CentOS Update for evolution28 CESA-2008:0515 centos4 i386
File : nvt/gb_CESA-2008_0515_evolution28_centos4_i386.nasl
2009-02-27 Name : CentOS Update for evolution28 CESA-2008:0515 centos4 x86_64
File : nvt/gb_CESA-2008_0515_evolution28_centos4_x86_64.nasl
2009-02-17 Name : Fedora Update for evolution FEDORA-2008-4990
File : nvt/gb_fedora_2008_4990_evolution_fc9.nasl
2009-02-17 Name : Fedora Update for evolution FEDORA-2008-5016
File : nvt/gb_fedora_2008_5016_evolution_fc8.nasl
2009-02-17 Name : Fedora Update for evolution FEDORA-2008-5018
File : nvt/gb_fedora_2008_5018_evolution_fc7.nasl
2009-01-23 Name : SuSE Update for evolution SUSE-SA:2008:028
File : nvt/gb_suse_2008_028.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200806-06 (evolution)
File : nvt/glsa_200806_06.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 Nessus plugin relations; only the first 25 are listed here.
Date Name / File - Type
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-1434efb8f3.nasl - Type: ACT_GATHER_INFO
2014-11-12 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2013-1540.nasl - Type: ACT_GATHER_INFO
2013-12-10 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20131121_evolution_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2013-11-29 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2013-1540.nasl - Type: ACT_GATHER_INFO
2013-11-21 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1540.nasl - Type: ACT_GATHER_INFO
2013-08-01 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1922-1.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2008-0515.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2013-0516.nasl - Type: ACT_GATHER_INFO
2013-03-10 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2013-0516.nasl - Type: ACT_GATHER_INFO
2013-03-05 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20130221_evolution_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2013-02-21 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-0516.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080604_evolution28_on_SL4_6.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20080604_evolution_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2010-03-11 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_evolution-data-server-100208.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2008-0514.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2008-111.nasl - Type: ACT_GATHER_INFO
2008-06-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200806-06.nasl - Type: ACT_GATHER_INFO
2008-06-16 Name: The remote openSUSE host is missing a security update.
File: suse_evolution-5326.nasl - Type: ACT_GATHER_INFO
2008-06-16 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_evolution-5327.nasl - Type: ACT_GATHER_INFO
2008-06-09 Name: The remote Fedora host is missing a security update.
File: fedora_2008-5018.nasl - Type: ACT_GATHER_INFO
2008-06-09 Name: The remote Fedora host is missing a security update.
File: fedora_2008-5016.nasl - Type: ACT_GATHER_INFO
2008-06-09 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-615-1.nasl - Type: ACT_GATHER_INFO
2008-06-09 Name: The remote Fedora host is missing a security update.
File: fedora_2008-4990.nasl - Type: ACT_GATHER_INFO
2008-06-09 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2008-0515.nasl - Type: ACT_GATHER_INFO
2008-06-05 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2008-0515.nasl - Type: ACT_GATHER_INFO