Every CVE whose affected-product data names Gnome Evolution, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2005-0102 — CVSS 9.8 (critical): Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute…
CVE-2018-12422 — CVSS 9.8 (critical): addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger…
CVE-2016-10727 — CVSS 9.8 (critical): camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data…
CVE-2008-1109 — CVSS 9.3 (critical): Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION…
CVE-2009-3721 — CVSS 7.8 (high): Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived…
CVE-2008-1108 — CVSS 7.6 (high): Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a…
CVE-2005-2549 — CVSS 7.5 (high): Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and…
CVE-2005-2550 — CVSS 7.5 (high): Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly…
CVE-2013-4166 — CVSS 7.5 (high): The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and…
CVE-2007-3257 — CVSS 6.8 (medium): Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via…
CVE-2008-0072 — CVSS 6.8 (medium): Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote…
CVE-2020-11879 — CVSS 6.5 (medium): An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website…
CVE-2018-15587 — CVSS 6.5 (medium): GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that…
CVE-2017-17689 — CVSS 5.9 (medium): The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext…
CVE-2006-0528 — CVSS 5.0 (medium): The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service…
CVE-2007-1266 — CVSS 5.0 (medium): Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually…
CVE-2006-0040 — CVSS 5.0 (medium): GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail…
CVE-2011-3201 — CVSS 4.3 (medium): GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL…
CVE-2021-3349 — CVSS 3.3 (low): GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution…
CVE-2006-2789 — CVSS 2.6 (low): Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a…
CVE-2009-1631 — CVSS 2.1 (low): The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories…