Search for packages
| purl | pkg:deb/debian/evolution@2.6.3-6 |
| Next non-vulnerable version | 3.38.3-1+deb11u2 |
| Latest non-vulnerable version | 3.38.3-1+deb11u2 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1kgt-ev1b-vqey
Aliases: CVE-2009-1631 |
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. |
Affected by 2 other vulnerabilities. |
|
VCID-27dq-4ygw-ebhe
Aliases: CVE-2006-0040 |
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. |
Affected by 3 other vulnerabilities. |
|
VCID-3ja7-4cwn-cbfr
Aliases: CVE-2008-0072 |
A format string error has been discovered in Evolution, possibly resulting in the execution of arbitrary code. |
Affected by 3 other vulnerabilities. |
|
VCID-67d5-ftaf-8yhj
Aliases: CVE-2007-3257 |
The IMAP client of Evolution contains a vulnerability potentially leading to the execution of arbitrary code. |
Affected by 3 other vulnerabilities. |
|
VCID-7kpt-g36p-7ycv
Aliases: CVE-2020-11879 |
Affected by 0 other vulnerabilities. |
|
|
VCID-7pcu-prtr-bqhg
Aliases: CVE-2018-15587 |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
|
VCID-9du9-wsr8-d7ay
Aliases: CVE-2008-1109 |
Multiple vulnerabilities in Evolution may allow for user-assisted execution of arbitrary code. |
Affected by 3 other vulnerabilities. |
|
VCID-f121-myv6-6ua1
Aliases: CVE-2007-1002 |
A vulnerability has been discovered in Evolution allowing for the execution of arbitrary code. |
Affected by 3 other vulnerabilities. |
|
VCID-kp8e-yu4x-2ygc
Aliases: CVE-2008-1108 |
Multiple vulnerabilities in Evolution may allow for user-assisted execution of arbitrary code. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1ffq-e994-bka9 | Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. |
CVE-2005-2549
|
| VCID-fh7r-rv78-pkcd | The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment. |
CVE-2006-0528
|
| VCID-h4xp-q36b-87e1 | Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. |
CVE-2006-2789
|
| VCID-vtz9-3sep-yqhh | Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. |
CVE-2005-2550
|