MidnightBSD

Advisories for ximian

CVE-2002-1471 MEDIUM

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ximian evolution 1.0.3
ximian evolution 1.0.4
ximian evolution 1.0.6
ximian evolution 1.0.8
ximian evolution 1.0.7
ximian evolution 1.0.5
CVE-2002-1765 MEDIUM

Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a malformed MIME header.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ximian evolution 1.0.3
ximian evolution 1.0.4
CVE-2003-0128 MEDIUM

The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ximian evolution 1.0.3
ximian evolution 1.1.1
ximian evolution 1.2.1
ximian evolution 1.2
ximian evolution 1.2.2
ximian evolution 1.0.4
ximian evolution 1.0.6
ximian evolution 1.0.8
ximian evolution 1.0.7
ximian evolution 1.0.5
CVE-2003-0129 MEDIUM

Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ximian evolution 1.0.3
ximian evolution 1.1.1
ximian evolution 1.2.1
ximian evolution 1.2
ximian evolution 1.2.2
ximian evolution 1.0.4
ximian evolution 1.0.6
ximian evolution 1.0.8
ximian evolution 1.0.7
ximian evolution 1.0.5
CVE-2003-0130 MEDIUM

The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ximian evolution 1.0.3
ximian evolution 1.1.1
ximian evolution 1.2.1
ximian evolution 1.2
ximian evolution 1.2.2
ximian evolution 1.0.4
ximian evolution 1.0.6
ximian evolution 1.0.8
ximian evolution 1.0.7
ximian evolution 1.0.5
CVE-2003-0296 HIGH

The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ximian evolution 1.2.4
CVE-2003-0300 MEDIUM

The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
university_of_washington pine 4.53
sylpheed sylpheed_email_client 0.8.11
mozilla mozilla 1.4
mozilla mozilla 1.3
ximian evolution 1.2.4
stuart_parmenter balsa 2.0.10
microsoft outlook_express 6.00.2800.1106
qualcomm eudora 5.2.1
mutt mutt 1.4.1
CVE-2005-0806 MEDIUM

Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ximian evolution 2.0.3