Debian Evolution-Data-Server vulnerabilities
9 known vulnerabilities affecting debian/evolution-data-server.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1, MEDIUM: 5, LOW: 2, UNKNOWN: 1
Vulnerabilities
CVE-2026-2604 | UNKNOWN | fixed in evolution-data-server 3.38.3-1+deb11u3 (bullseye) | 2026
CVE-2026-2604: evolution-data-server
bookworm: open
bullseye: resolved (fixed in 3.38.3-1+deb11u3)
forky: resolved (fixed in 3.56.2-8)
sid: resolved (fixed in 3.56.2-8)
trixie: open
CVE-2020-16117 | MEDIUM | CVSS 5.9 | fixed in evolution-data-server 3.36.0-1 (bookworm) | 2020
CVE-2020-16117 [MEDIUM]: evolution-data-server
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.
Scope: local
bookworm: resolved (fixed in 3.36.0-1)
bullseye: resolved (fixed i
CVE-2020-14928 | MEDIUM | CVSS 5.9 | fixed in evolution-data-server 3.36.4-1 (bookworm) | 2020
CVE-2020-14928 [MEDIUM]: evolution-data-server
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
Scope: local
bookworm: resolved (fixed in 3.36.4-1)
bullseye: resolved (fixed in 3.36.4-1)
forky: resolved (fixed in 3.
CVE-2018-12422 | LOW | CVSS 9.8 | fixed in evolution-data-server 3.28.5-1 (bookworm) | 2018
CVE-2018-12422 [CRITICAL]: evolution-data-server
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a lar
CVE-2016-10727 | CRITICAL | CVSS 9.8 | fixed in evolution-data-server 3.22.0-2 (bookworm) | 2016
CVE-2016-10727 [CRITICAL]: evolution-data-server
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server co
CVE-2009-0587 | MEDIUM | CVSS 7.5 | fixed in evolution-data-server 2.22.3-1 (bookworm) | 2009
CVE-2009-0587 [HIGH]: evolution-data-server
Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.
Scope: local
bookworm: resolved (fixed in 2.22.3-
CVE-2009-0582 | MEDIUM | CVSS 5.8 | fixed in evolution-data-server 2.26.1.1-1 (bookworm) | 2009
CVE-2009-0582 [MEDIUM]: evolution-data-server
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail
CVE-2009-0547 | LOW | CVSS 5.8 | fixed in evolution-data-server 2.24.5-2 (bookworm) | 2009
CVE-2009-0547 [MEDIUM]: evolution-data-server
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.
Scope: local
bookworm: resolved (fixed in 2.24.5-2)
bullseye: resol
CVE-2007-3257 | MEDIUM | CVSS 6.8 | fixed in evolution 2.12.0-1 (bookworm) | 2007
CVE-2007-3257 [MEDIUM]: evolution
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
Scope: local
bookworm: resolved (fixed in 2.12.0-1)
bullseye: resolved (fixed in 2.12.0-1)
forky: resolved (fixed in 2.12.0-1)
sid: resolved (fixed in 2.12.0