Filtered by vendor Gnome
Filtered by product Geary
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-13324 1 Gnome 1 Geary 2026-06-26 6.5 Medium
A vulnerability has been identified in the **GNOME Geary** package within its **`mailto` URI handling** component. This flaw occurs because the email client automatically processes a non-standard `attach` parameter in email links without prompting or alerting the user. An attacker could exploit this by tricking a user into clicking a specially crafted link (for example, `mailto:user@example.com?attach=/path/to/sensitive_file`). When clicked, Geary will automatically open a new compose window with the specified local file already attached. Because there is no dialog box or visual warning indicating that the file was attached by the link rather than the user, the user might unknowingly send sensitive files or data to the attacker upon hitting send.
CVE-2020-24661 2 Fedoraproject, Gnome 2 Fedora, Geary 2024-11-21 5.9 Medium
GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.