Product
gnome evolution
51 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-29844
<= 2.04.560
Default credentials on the Web Interface of Evolution Controller 2.x allow anyone to log in to the server directly to perform adm
9.8
CRITICAL
CVE-2024-29843
<= 2.04.560
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on MOBI
7.5
HIGH
CVE-2024-29842
<= 2.04.560
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESK
7.5
HIGH
CVE-2024-29841
<= 2.04.560
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESK
7.5
HIGH
CVE-2024-29840
<= 2.04.560
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESK
7.5
HIGH
CVE-2024-29839
<= 2.04.560
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESK
7.5
HIGH
CVE-2024-29838
<= 2.04.560
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not properly sanitize user input, allowing fo
7.5
HIGH
CVE-2024-29837
<= 2.04.560
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below uses poor session management, allowing for an una
8.8
HIGH
CVE-2024-29836
<= 2.04.560
The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control, allowi
9.8
CRITICAL
CVE-2021-39361
<= 0.3.96
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects
5.9
MEDIUM
CVE-2009-3721
all versions
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is
7.8
HIGH
CVE-2021-3349
<= 3.38.3
GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because
3.3
LOW
CVE-2020-16117
< 3.35.91
In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sen
5.9
MEDIUM
CVE-2020-14928
<= 3.36.3
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin
5.9
MEDIUM
CVE-2020-11879
< 3.35.91
An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a
6.5
MEDIUM
CVE-2013-4166
<= 3.8.4
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9
7.5
HIGH
CVE-2011-3355
>= 3.0.3 and <= 3.2.1
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into th
7.3
HIGH
CVE-2019-3890
< 3.31.3
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw t
8.1
HIGH
CVE-2018-15587
<= 3.28.2
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email
6.5
MEDIUM
CVE-2016-10727
< 3.21.2
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with clear
9.8
CRITICAL
CVE-2018-12422
<= 3.29.2
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers t
9.8
CRITICAL
CVE-2017-17689
all versions
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exf
5.9
MEDIUM
CVE-2014-1223
>= 6.1 and < 6.1.19.36103
Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.1
CVE-2011-3201
<= 3.0.3
GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailt
CVE-2011-0741
<= 1.0.4
Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web
CVE-2010-3930
<= 1.0.4
Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to read arbitrary files via unspecif
CVE-2010-3929
<= 1.0.4
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unkn
CVE-2010-1427
<= 1.0.2
Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to i
CVE-2009-1631
<= 2.26.1
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain dir
CVE-2009-0582
<= 2.24.5
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server
CVE-2009-0547
all versions
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mai
CVE-2008-1109
all versions
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPT
CVE-2008-1108
all versions
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code
CVE-2008-0072
<= 2.12.3
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows rem
CVE-2007-3257
all versions
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary
CVE-2007-1002
all versions
Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8
CVE-2007-1266
<= 2.8.1
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visu
CVE-2006-2789
all versions
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to
CVE-2006-0040
all versions
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e
CVE-2006-0528
all versions
The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of
CVE-2005-2550
all versions
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and poss
CVE-2005-2549
all versions
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash
CVE-2005-0806
all versions
Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly in
CVE-2005-0102
<= 2.0.2
Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execut
9.8
CRITICAL
CVE-2003-0300
all versions
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large li
CVE-2003-0296
all versions
The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitra
CVE-2002-1471
all versions
The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection a
CVE-2003-0130
all versions
The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML ch
CVE-2003-0129
all versions
Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a
CVE-2003-0128
all versions
The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cau
CVE-2002-1765
all versions
Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin