cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-39361,https://securityvulnerability.io/vulnerability/CVE-2021-39361,Improper TLS Certificate Verification in GNOME Evolution RSS,"The GNOME Evolution RSS application, specifically in versions up to 0.3.96, contains a flaw in its network-soup.c component, where the SoupSessionSync objects it generates do not activate TLS certificate verification. This oversight renders users susceptible to man-in-the-middle (MITM) attacks, where an attacker could intercept and potentially manipulate the data transmitted over the network. This vulnerability is similar to previous issues noted in related components, emphasizing the criticality of proper certificate validation in maintaining secure communications.",Gnome,Evolution-rss,5.9,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2021-08-22T18:46:17.000Z,0
CVE-2021-3349,https://securityvulnerability.io/vulnerability/CVE-2021-3349,,"GNOME Evolution through 3.38.3 produces a ""Valid signature"" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior",Gnome,Evolution,3.3,LOW,0.0005799999926239252,false,,false,false,false,,,false,false,,2021-02-01T04:04:19.000Z,0
CVE-2020-16117,https://securityvulnerability.io/vulnerability/CVE-2020-16117,,"In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.",Gnome,Evolution-data-server,5.9,MEDIUM,0.002309999894350767,false,,false,false,false,,,false,false,,2020-07-29T17:59:10.000Z,0
CVE-2020-14928,https://securityvulnerability.io/vulnerability/CVE-2020-14928,,"evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a ""begin TLS"" response, eds reads additional data and evaluates it in a TLS context, aka ""response injection.""",Gnome,Evolution-data-server,5.9,MEDIUM,0.0017800000496208668,false,,false,false,false,,,false,false,,2020-07-17T15:30:42.000Z,0
CVE-2020-11879,https://securityvulnerability.io/vulnerability/CVE-2020-11879,,"An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) ""mailto?attach=..."" parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.",Gnome,Evolution,6.5,MEDIUM,0.0016700000269338489,false,,false,false,false,,,false,false,,2020-04-17T17:07:41.000Z,0
CVE-2013-4166,https://securityvulnerability.io/vulnerability/CVE-2013-4166,,"The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted with the wrong key and allow remote attackers to obtain sensitive information.",Gnome,"Evolution,Evolution Data Server",7.5,HIGH,0.003160000080242753,false,,false,false,false,,,false,false,,2020-02-06T14:29:39.000Z,0
CVE-2019-3890,https://securityvulnerability.io/vulnerability/CVE-2019-3890,,It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.,The Gnome Project,Evolution-ews,8.1,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2019-08-01T13:22:55.000Z,0
CVE-2018-15587,https://securityvulnerability.io/vulnerability/CVE-2018-15587,,GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.,Gnome,Evolution,6.5,MEDIUM,0.0022700000554323196,false,,false,false,false,,,false,false,,2019-02-11T17:00:00.000Z,0
CVE-2018-12422,https://securityvulnerability.io/vulnerability/CVE-2018-12422,,"addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because ""the code had computed the required string length first, and then allocated a large-enough buffer on the heap.""",Gnome,Evolution,9.8,CRITICAL,0.0022499999031424522,false,,false,false,false,,,false,false,,2018-06-15T16:00:00.000Z,0
CVE-2009-1631,https://securityvulnerability.io/vulnerability/CVE-2009-1631,,"The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.",Gnome,Evolution,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2009-05-14T17:00:00.000Z,0
CVE-2009-0582,https://securityvulnerability.io/vulnerability/CVE-2009-0582,,"The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.",Gnome,Evolution-data-server,,,0.003120000008493662,false,,false,false,false,,,false,false,,2009-03-14T18:00:00.000Z,0
CVE-2008-1109,https://securityvulnerability.io/vulnerability/CVE-2008-1109,,"Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).",Gnome,Evolution,,,0.20496000349521637,false,,false,false,false,,,false,false,,2008-06-04T20:00:00.000Z,0
CVE-2008-1108,https://securityvulnerability.io/vulnerability/CVE-2008-1108,,"Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.",Gnome,Evolution,,,0.24089999496936798,false,,false,false,false,,,false,false,,2008-06-04T20:00:00.000Z,0
CVE-2008-0072,https://securityvulnerability.io/vulnerability/CVE-2008-0072,,"Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.",Gnome,Evolution,,,0.6995599865913391,false,,false,false,false,,,false,false,,2008-03-06T00:00:00.000Z,0
CVE-2007-3257,https://securityvulnerability.io/vulnerability/CVE-2007-3257,,"Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.",Gnome,Evolution,,,0.0301900003105402,false,,false,false,false,,,false,false,,2007-06-19T16:00:00.000Z,0
CVE-2007-1266,https://securityvulnerability.io/vulnerability/CVE-2007-1266,,"Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.",Gnome,Evolution,,,0.03207999840378761,false,,false,false,false,,,false,false,,2007-03-06T20:00:00.000Z,0
CVE-2006-2789,https://securityvulnerability.io/vulnerability/CVE-2006-2789,,"Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when ""load images if sender in addressbook"" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted ""From"" header that triggers an assert error in camel-internet-address.c when a null pointer is used.",Gnome,Evolution,,,0.00865000020712614,false,,false,false,false,,,false,false,,2006-06-02T22:00:00.000Z,0
CVE-2006-0040,https://securityvulnerability.io/vulnerability/CVE-2006-0040,,"GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.",Gnome,Evolution,,,0.01834000088274479,false,,false,false,false,,,false,false,,2006-03-10T01:00:00.000Z,0
CVE-2006-0528,https://securityvulnerability.io/vulnerability/CVE-2006-0528,,"The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains ""Content-Disposition: inline"" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.",Gnome,Evolution,,,0.1579200029373169,false,,false,false,false,,,false,false,,2006-02-02T11:00:00.000Z,0
CVE-2005-2549,https://securityvulnerability.io/vulnerability/CVE-2005-2549,,"Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.",Gnome,Evolution,,,0.0753600001335144,false,,false,false,false,,,false,false,,2005-08-12T04:00:00.000Z,0
CVE-2005-2550,https://securityvulnerability.io/vulnerability/CVE-2005-2550,,"Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.",Gnome,Evolution,,,0.08876000344753265,false,,false,false,false,,,false,false,,2005-08-12T04:00:00.000Z,0
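Worked example for the CVE-2020-14928 row above (STARTTLS "response injection"), added here as an illustration of the bug class; it is not evolution-data-server code and does not reproduce the project's fix. The transport, both client classes and the byte streams are constructed for the demo: the forged `250` line stands in for data a man-in-the-middle appends right behind the server's `220` "begin TLS" reply, and the TLS side of the transport is a plain byte stream rather than a real handshake.

```python
"""STARTTLS response injection: buffered plaintext surviving the TLS upgrade.
Constructed demo, not evolution-data-server code."""
import io

# Constructed plaintext from the server side.  A MITM can append bytes after the
# "220" line; nothing received before the handshake may be treated as TLS data.
INJECTED_STREAM = b"220 2.0.0 Ready to start TLS\r\n250 2.0.0 OK forged-by-mitm\r\n"
CLEAN_STREAM = b"220 2.0.0 Ready to start TLS\r\n"


class FakeTransport:
    """Socket stand-in (hypothetical): plaintext bytes before the upgrade, a
    separate byte stream standing in for the TLS channel afterwards."""

    def __init__(self, plaintext, tls_payload=b"250 2.0.0 OK over TLS\r\n"):
        self.plain = io.BytesIO(plaintext)
        self.tls = io.BytesIO(tls_payload)
        self.upgraded = False

    def recv(self, n):
        src = self.tls if self.upgraded else self.plain
        return src.read(n)

    def start_tls(self):
        # A real client runs the TLS handshake here; the demo only switches streams.
        self.upgraded = True


class VulnerableClient:
    """The flawed pattern: read a large chunk, keep the remainder in an internal
    buffer, and keep serving lines from that buffer after the TLS upgrade."""

    def __init__(self, transport):
        self.t = transport
        self.buf = b""

    def read_line(self):
        while b"\r\n" not in self.buf:
            chunk = self.t.recv(4096)
            if not chunk:
                raise ConnectionError("unexpected EOF")
            self.buf += chunk
        line, _, self.buf = self.buf.partition(b"\r\n")
        return line

    def starttls(self):
        reply = self.read_line()
        if not reply.startswith(b"220"):
            raise RuntimeError("STARTTLS refused: %r" % reply)
        self.t.start_tls()          # leftover plaintext still sits in self.buf
        return self.read_line()     # so the first "TLS" reply may be attacker text


class HardenedClient(VulnerableClient):
    """Same reader, but plaintext left over after the 220 line is treated as an
    injection attempt instead of being carried across the upgrade."""

    def starttls(self):
        reply = self.read_line()
        if not reply.startswith(b"220"):
            raise RuntimeError("STARTTLS refused: %r" % reply)
        if self.buf:
            raise RuntimeError("plaintext after STARTTLS response: %r" % self.buf)
        self.t.start_tls()
        return self.read_line()


def run_vulnerable(stream):
    """First reply the vulnerable client believes it got over TLS."""
    return VulnerableClient(FakeTransport(stream)).starttls()


def hardened_result(stream):
    """First post-upgrade reply, or None when the injection was detected."""
    try:
        return HardenedClient(FakeTransport(stream)).starttls()
    except RuntimeError:
        return None


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable(INJECTED_STREAM))
    print("hardened:  ", hardened_result(INJECTED_STREAM))
```

The hardened variant keeps the chunked reader and rejects any bytes buffered behind the `220` line; an equivalent defence is to read the STARTTLS reply one byte at a time so that nothing past the CRLF is ever buffered, and to discard the plaintext buffer before the handshake. Either way the invariant is the same: no byte received before the handshake completes is ever interpreted as a post-TLS response.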
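Worked example for the CVE-2009-0582 row above (an NTLM type 2 packet whose length field exceeds the packet data), added here as an illustration; it is not the camel-sasl-ntlm.c code. The message layout follows MS-NLMP's CHALLENGE_MESSAGE with a 48-byte fixed header; the receive buffer, its size, the "stale" bytes it still holds from an earlier read, and the sample target name are all constructed for the demo.

```python
"""Bounds-checking the TargetName fields of an NTLM CHALLENGE_MESSAGE (type 2)
before trusting them.  Constructed demo, not camel-sasl-ntlm.c code."""
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
HEADER_LEN = 48        # fixed part of a type 2 message per MS-NLMP
RECV_BUF_SIZE = 256    # hypothetical size of the client's receive buffer

# Constructed stale bytes left in the receive buffer by an earlier read; a server
# that makes the parser read past the packet harvests these.
STALE_SECRET = b"Authorization: Basic dXNlcjpodW50ZXIy\r\n"


def build_challenge(target_name, declared_len=None, server_challenge=b"\x11" * 8):
    """Build a type 2 message; `declared_len` lets a caller lie about the
    TargetName length the way a malicious server would."""
    name_len = len(target_name) if declared_len is None else declared_len
    msg = NTLMSSP_SIGNATURE
    msg += struct.pack("<I", 2)                                  # MessageType
    msg += struct.pack("<HHI", name_len, name_len, HEADER_LEN)   # TargetNameFields: Len, MaxLen, Offset
    msg += struct.pack("<I", 0x00008201)                         # NegotiateFlags (demo value)
    msg += server_challenge                                      # ServerChallenge
    msg += b"\x00" * 8                                           # Reserved
    msg += struct.pack("<HHI", 0, 0, HEADER_LEN)                 # TargetInfoFields (empty)
    msg += b"\x00" * 8                                           # Version
    return msg + target_name                                     # Payload


def make_recv_buffer(packet, size=RECV_BUF_SIZE):
    """Model the client's receive buffer: the packet at the front, leftovers
    from previous reads behind it."""
    stale = (STALE_SECRET * (size // len(STALE_SECRET) + 1))[:size]
    return packet + stale[len(packet):]


def _header(buf):
    sig, mtype, nlen, _nmax, noff, flags, chal = struct.unpack_from("<8sIHHII8s", buf, 0)
    if sig != NTLMSSP_SIGNATURE or mtype != 2:
        raise ValueError("not an NTLM type 2 message")
    return nlen, noff, flags, chal


def parse_challenge_unchecked(buf, nbytes):
    """The flaw class: the declared length is used as-is and never compared
    with `nbytes`, the amount of data actually received."""
    nlen, noff, flags, chal = _header(buf)
    return {"flags": flags, "challenge": chal,
            "target_name": bytes(buf[noff:noff + nlen])}


def parse_challenge_checked(buf, nbytes):
    """Hardened: the fixed header must be present and every offset/length
    pair must lie inside the bytes that were actually received."""
    if nbytes < 32:        # signature through ServerChallenge is the minimum
        raise ValueError("short NTLM challenge: %d bytes" % nbytes)
    nlen, noff, flags, chal = _header(buf[:nbytes])
    if noff < 32 or noff + nlen > nbytes:
        raise ValueError("TargetName (off=%d len=%d) outside %d-byte packet"
                         % (noff, nlen, nbytes))
    return {"flags": flags, "challenge": chal,
            "target_name": bytes(buf[noff:noff + nlen])}


def checked_accepts(buf, nbytes):
    try:
        parse_challenge_checked(buf, nbytes)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    evil = build_challenge(b"EXAMPLE", declared_len=len(b"EXAMPLE") + 64)
    rbuf = make_recv_buffer(evil)
    print("unchecked leaks:", parse_challenge_unchecked(rbuf, len(evil))["target_name"])
    print("checked accepts:", checked_accepts(rbuf, len(evil)))
```

The unchecked parser returns the real target name followed by whatever happened to sit in the buffer after the packet, which is the information-disclosure half of the advisory; on a fixed-size buffer with a large enough declared length the same read runs off the end, which is the crash half. The check is cheap: compare each offset plus length against the byte count you received, not against the buffer you allocated.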