The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ximian | evolution | 1.0.3 |
| ximian | evolution | 1.0.4 |
| ximian | evolution | 1.0.6 |
| ximian | evolution | 1.0.8 |
| ximian | evolution | 1.0.7 |
| ximian | evolution | 1.0.5 |
Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a malformed MIME header.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ximian | evolution | 1.0.3 |
| ximian | evolution | 1.0.4 |
The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ximian | evolution | 1.0.3 |
| ximian | evolution | 1.1.1 |
| ximian | evolution | 1.2.1 |
| ximian | evolution | 1.2 |
| ximian | evolution | 1.2.2 |
| ximian | evolution | 1.0.4 |
| ximian | evolution | 1.0.6 |
| ximian | evolution | 1.0.8 |
| ximian | evolution | 1.0.7 |
| ximian | evolution | 1.0.5 |
Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ximian | evolution | 1.0.3 |
| ximian | evolution | 1.1.1 |
| ximian | evolution | 1.2.1 |
| ximian | evolution | 1.2 |
| ximian | evolution | 1.2.2 |
| ximian | evolution | 1.0.4 |
| ximian | evolution | 1.0.6 |
| ximian | evolution | 1.0.8 |
| ximian | evolution | 1.0.7 |
| ximian | evolution | 1.0.5 |
The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ximian | evolution | 1.0.3 |
| ximian | evolution | 1.1.1 |
| ximian | evolution | 1.2.1 |
| ximian | evolution | 1.2 |
| ximian | evolution | 1.2.2 |
| ximian | evolution | 1.0.4 |
| ximian | evolution | 1.0.6 |
| ximian | evolution | 1.0.8 |
| ximian | evolution | 1.0.7 |
| ximian | evolution | 1.0.5 |
The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ximian | evolution | 1.2.4 |
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| university_of_washington | pine | 4.53 |
| sylpheed | sylpheed_email_client | 0.8.11 |
| mozilla | mozilla | 1.4 |
| mozilla | mozilla | 1.3 |
| ximian | evolution | 1.2.4 |
| stuart_parmenter | balsa | 2.0.10 |
| microsoft | outlook_express | 6.00.2800.1106 |
| qualcomm | eudora | 5.2.1 |
| mutt | mutt | 1.4.1 |
Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ximian | evolution | 2.0.3 |