Gnome Evolution-Data-Server vulnerabilities

CVE-2020-16117 [MEDIUM] CWE-476 CVE-2020-16117: In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a N In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

CVE-2020-14928 [MEDIUM] CWE-74 CVE-2020-14928: evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3 evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

CVE-2016-10727 [CRITICAL] CVE-2016-10727: camel/providers/imapx/camel-imapx-server camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code wa

CVE-2018-12422 [CRITICAL] CVE-2018-12422: addressbook/backends/ldap/e-book-backend-ldap addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap.

CVE-2009-0587 [HIGH] CVE-2009-0587: Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2 Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel.

CVE-2009-0582 [MEDIUM] CWE-20 CVE-2009-0582: The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail

CVE-2009-0547 [MEDIUM] CVE-2009-0547: Evolution 2 Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077.

CVE-2007-3257 [MEDIUM] CVE-2007-3257: Camel (camel-imap-folder Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.