Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 36 results


CVE-2023-35799

Medium priority
Needs evaluation

Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges.

1 affected packages

evolution

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-39361

Medium priority
Needs evaluation

In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

1 affected packages

evolution-rss

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-rss Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-3349

Medium priority
Ignored

** DISPUTED ** GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third...

1 affected packages

evolution

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2020-16117

Low priority
Needs evaluation

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related...

1 affected packages

evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2020-14928

Medium priority

Some fixes available 3 of 4

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

1 affected packages

evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server Fixed Fixed Fixed
Show less packages

CVE-2020-11879

Medium priority
Vulnerable

An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a...

1 affected packages

evolution

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution Not affected Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2011-3355

Medium priority
Ignored

evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this...

1 affected packages

evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server
Show less packages

CVE-2019-3890

Medium priority
Needs evaluation

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the...

1 affected packages

evolution-ews

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-ews Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2018-15587

Medium priority

Some fixes available 25 of 28

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

2 affected packages

evolution, evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution Fixed Fixed Fixed Vulnerable Vulnerable
evolution-data-server Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2016-10727

Medium priority
Fixed

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not...

1 affected packages

evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server Not affected Fixed
Show less packages