VulnerableCode Package Details - pkg:deb/debian/evolution-data-server@1.6.3-5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/evolution-data-server@1.6.3-5

Essentials
History (10)

purl	pkg:deb/debian/evolution-data-server@1.6.3-5

Next non-vulnerable version	3.56.2-8
Latest non-vulnerable version	3.56.2-8
Risk	2.6

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-67d5-ftaf-8yhj Aliases: CVE-2007-3257	The IMAP client of Evolution contains a vulnerability potentially leading to the execution of arbitrary code.	2.22.3-1.1+lenny2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-6ftk-sw8b-r7aj Aliases: CVE-2026-2604		3.46.4-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 3.56.2-8 Affected by 0 other vulnerabilities.
VCID-81gc-n129-skh5 Aliases: CVE-2016-10727	camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.	3.22.7-1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e4xa-phk6-7ugb Aliases: CVE-2009-0582	The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.	2.30.3-2+squeeze1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jn6d-sq5u-vqax Aliases: CVE-2009-0587	Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.	2.22.3-1.1+lenny2 Affected by 7 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kkeu-j7jt-vyea Aliases: CVE-2020-14928		3.30.5-1+deb10u2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.38.3-1+deb11u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-ta3p-yt6t-2fb6 Aliases: CVE-2020-16117		3.38.3-1+deb11u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-w3r7-4cec-2fc4 Aliases: CVE-2009-0547	Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.	2.30.3-2+squeeze1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-xhde-6dpj-8ubp Aliases: CVE-2018-12422		3.30.5-1+deb10u2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T12:51:04.304484+00:00	Debian Oval Importer	Affected by	VCID-e4xa-phk6-7ugb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T12:17:11.740098+00:00	Debian Oval Importer	Affected by	VCID-w3r7-4cec-2fc4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T11:07:46.805517+00:00	Debian Oval Importer	Affected by	VCID-ta3p-yt6t-2fb6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T10:32:17.349616+00:00	Debian Oval Importer	Affected by	VCID-kkeu-j7jt-vyea	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T10:04:29.521180+00:00	Debian Oval Importer	Affected by	VCID-6ftk-sw8b-r7aj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T09:39:42.062923+00:00	Debian Oval Importer	Affected by	VCID-67d5-ftaf-8yhj	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T03:12:32.678908+00:00	Debian Oval Importer	Affected by	VCID-jn6d-sq5u-vqax	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T02:14:16.184602+00:00	Debian Oval Importer	Affected by	VCID-xhde-6dpj-8ubp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T02:07:44.973020+00:00	Debian Oval Importer	Affected by	VCID-81gc-n129-skh5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T01:49:51.305600+00:00	Debian Oval Importer	Affected by	VCID-kkeu-j7jt-vyea	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0