CyberSec.Space Logo
Back to CVE Browser

CVE-2016-10727

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1570%
EPSS Percentile26.42th
PublishedJul 20, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

Affected Platforms (CPE)

πŸ’»
Canonical

Ubuntu Linux

= 14.04
πŸ’»
Canonical

Ubuntu Linux

= 16.04
πŸ“¦
Gnome

Evolution

< 3.21.2

References & Advisories

πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1334842
πŸ”— https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2
πŸ”— https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022
πŸ”— https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67
πŸ”— https://usn.ubuntu.com/3724-1/
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1334842
πŸ”— https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2
πŸ”— https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022

Related Vulnerabilities

CVE-2021-344239.8

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before ve...

CVE-2018-66349.8

A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maint...

CVE-2021-34938.8

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file cap...

CVE-2021-34928.8

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during cop...