GNOME Evolution 3.32.2

CPE Details

GNOME Evolution 3.32.2
3.32.2
2019-10-29
15h37 +00:00
2019-10-29
15h37 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnome:evolution:3.32.2:*:*:*:*:*:*:*

Informations

Vendor

gnome

Product

evolution

Version

3.32.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2009-3721 2021-05-26 19h06 +00:00 Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.
7.8
High
CVE-2021-3349 2021-02-01 03h04 +00:00 GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior
3.3
Low
CVE-2020-11879 2020-04-17 15h07 +00:00 An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.
6.5
Medium
CVE-2009-2404 2009-08-03 12h00 +00:00 Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
9.3