CVE-2026-2604
- EPSS 0.19%
- Veröffentlicht 16.06.2026 21:35:51
- Zuletzt bearbeitet 16.06.2026 21:35:51
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without prop...
CVE-2020-16117
- EPSS 2.12%
- Veröffentlicht 29.07.2020 18:15:14
- Zuletzt bearbeitet 21.11.2024 05:06:47
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and im...
CVE-2020-14928
- EPSS 2.81%
- Veröffentlicht 17.07.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:04:27
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
CVE-2009-0582
- EPSS 2.27%
- Veröffentlicht 14.03.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:21
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a ce...