Search for packages
| purl | pkg:deb/debian/evolution@2.0.4-2sarge3 |
| Next non-vulnerable version | 3.38.3-1+deb11u2 |
| Latest non-vulnerable version | 3.38.3-1+deb11u2 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1ffq-e994-bka9
Aliases: CVE-2005-2549 |
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. |
Affected by 9 other vulnerabilities. |
|
VCID-1kgt-ev1b-vqey
Aliases: CVE-2009-1631 |
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. |
Affected by 2 other vulnerabilities. |
|
VCID-27dq-4ygw-ebhe
Aliases: CVE-2006-0040 |
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. |
Affected by 3 other vulnerabilities. |
|
VCID-3ja7-4cwn-cbfr
Aliases: CVE-2008-0072 |
A format string error has been discovered in Evolution, possibly resulting in the execution of arbitrary code. |
Affected by 3 other vulnerabilities. |
|
VCID-67d5-ftaf-8yhj
Aliases: CVE-2007-3257 |
The IMAP client of Evolution contains a vulnerability potentially leading to the execution of arbitrary code. |
Affected by 3 other vulnerabilities. |
|
VCID-7kpt-g36p-7ycv
Aliases: CVE-2020-11879 |
Affected by 0 other vulnerabilities. |
|
|
VCID-7pcu-prtr-bqhg
Aliases: CVE-2018-15587 |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-9du9-wsr8-d7ay
Aliases: CVE-2008-1109 |
Multiple vulnerabilities in Evolution may allow for user-assisted execution of arbitrary code. |
Affected by 3 other vulnerabilities. |
|
VCID-f121-myv6-6ua1
Aliases: CVE-2007-1002 |
A vulnerability has been discovered in Evolution allowing for the execution of arbitrary code. |
Affected by 3 other vulnerabilities. |
|
VCID-fh7r-rv78-pkcd
Aliases: CVE-2006-0528 |
The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. |
Affected by 9 other vulnerabilities. |
|
VCID-h4xp-q36b-87e1
Aliases: CVE-2006-2789 |
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. |
Affected by 9 other vulnerabilities. |
|
VCID-kp8e-yu4x-2ygc
Aliases: CVE-2008-1108 |
Multiple vulnerabilities in Evolution may allow for user-assisted execution of arbitrary code. |
Affected by 3 other vulnerabilities. |
|
VCID-vtz9-3sep-yqhh
Aliases: CVE-2005-2550 |
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. |
Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1pms-gy8w-pbhu | The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow. |
CVE-2003-0128
|
| VCID-5r5s-q64u-jyet | The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors. |
CVE-2003-0296
|
| VCID-6jbu-xyh5-cyfj | GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages. |
CVE-2003-0133
|
| VCID-eah3-vbhe-4bgz | Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. |
CVE-2005-0102
|
| VCID-j255-6yat-pkew | The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack. |
CVE-2002-1471
|
| VCID-j4pn-f41d-fqd2 | Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times. |
CVE-2003-0129
|
| VCID-n19y-rxv1-x7f7 | Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames. |
CVE-2005-0806
|
| VCID-uwpv-btmf-yyas | The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image. |
CVE-2003-0130
|