|Max CVSS||5.8||Min CVSS||4.3||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
|14-08-2020 - 15:25||17-07-2020 - 16:15|
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encry
|10-02-2020 - 18:47||06-02-2020 - 15:15|
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the diffe
|09-10-2019 - 23:49||01-08-2019 - 14:15|
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
|10-06-2019 - 07:29||11-02-2019 - 17:29|
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitab
|25-04-2019 - 14:16||25-07-2018 - 23:29|
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email.
|29-08-2017 - 01:30||08-03-2013 - 21:55|