Evolution

This hub aggregates every CVE we track for Evolution, a product in the consumer software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Evolution.

• CVE-2024-29844Default credentials on web interface of Evolution Controller Versions allows attackers to login and perform administrative functions9.8Apr 14, 2024
• CVE-2024-29843Broken Access control on MOBILE_GET_USERS_LIST in Evolution Controller allows unauthenticated user enumeration7.5Apr 14, 2024
• CVE-2024-29842Broken Access control on DESKTOP_EDIT_USER_GET_ABACARD_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve ABACARD values 7.5Apr 14, 2024
• CVE-2024-29841Broken Access control on DESKTOP_EDIT_USER_GET_KEYS_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve keys values 7.5Apr 14, 2024
• CVE-2024-29840Broken Access control on DESKTOP_EDIT_USER_GET_PIN_FIELDS in Evolution Controller allows unauthenticated attackers to retrieve PIN field values7.5Apr 14, 2024
• CVE-2024-29839Broken Access control on DESKTOP_EDIT_USER_GET_CARD in Evolution Controller allows unauthenticated attackers to retrieve card data values.7.5Apr 14, 2024
• CVE-2024-29838Unsanitised variable on DAL_ADD in Evolution Controller causes application level denial of service and crash7.5Apr 14, 2024
• CVE-2024-29837Poor session management in Evolution Controller allows administrator functionality for unauthenticated connections8.8Apr 14, 2024
• CVE-2024-29836Broken Authentication on USER_CHANGE in Evolution Controller allows unauthenticated account creation and takeover9.8Apr 14, 2024
• CVE-2009-3721Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications ...7.8May 26, 2021
• CVE-2021-3349GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. ...3.3Feb 1, 2021
• CVE-2020-11879An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attac...6.5Apr 17, 2020
• CVE-2013-4166The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for emai...7.5Feb 6, 2020
• CVE-2018-15587GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated...6.5Feb 11, 2019
• CVE-2016-10727camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTL...9.8Jul 20, 2018