返回 CVE 浏览器

CVE-2016-10727

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1570%

EPSS Percentile26.42th

Published2018年7月20日

Last Modified2024年11月21日

Vulnerability Description

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

Affected Platforms (CPE)

💻

Canonical

Ubuntu Linux

= 14.04

💻

Canonical

Ubuntu Linux

= 16.04

📦

Gnome

Evolution

< 3.21.2

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1334842

🔗 https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2

🔗 https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022

🔗 https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67

🔗 https://usn.ubuntu.com/3724-1/

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1334842

🔗 https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2

🔗 https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022

相关漏洞威胁

CVE-2021-344239.8

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before ve...

CVE-2018-66349.8

A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maint...

CVE-2021-34938.8

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file cap...

CVE-2021-34928.8

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during cop...