Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 13 results


CVE-2020-16117

Low priority
Needs evaluation

In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related...

1 affected packages

evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2020-14928

Medium priority

Some fixes available 3 of 4

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

1 affected packages

evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server Fixed Fixed Fixed
Show less packages

CVE-2011-3355

Medium priority
Ignored

evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this...

1 affected packages

evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server
Show less packages

CVE-2018-15587

Medium priority

Some fixes available 27 of 30

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

2 affected packages

evolution, evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution Fixed Fixed Fixed Vulnerable Vulnerable
evolution-data-server Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2016-10727

Medium priority
Fixed

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not...

1 affected packages

evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server Not affected Fixed
Show less packages

CVE-2018-12422

Medium priority
Ignored

** DISPUTED ** addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat...

2 affected packages

evolution, evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution Ignored Ignored
evolution-data-server Ignored Ignored
Show less packages

CVE-2013-4166

Medium priority

Some fixes available 3 of 4

The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause...

1 affected packages

evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server
Show less packages

CVE-2012-1177

Medium priority

Some fixes available 4 of 6

libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.

2 affected packages

evolution-data-server, libgdata

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server
libgdata
Show less packages

CVE-2009-0587

Medium priority
Fixed

Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1)...

1 affected packages

evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server
Show less packages

CVE-2009-0582

Low priority
Ignored

The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not...

1 affected packages

evolution-data-server

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
evolution-data-server
Show less packages