vulnerability

Debian: CVE-2016-10727: evolution-data-server -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Jul 20, 2018	Feb 20, 2019	Aug 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Jul 20, 2018

Added

Feb 20, 2019

Modified

Aug 15, 2025

Description

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

Solution

debian-upgrade-evolution-data-server

References

CVE-2016-10727
https://attackerkb.com/topics/CVE-2016-10727
CWE-200
DEBIAN-DLA-1443-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today