15 matches found
EUVD-2018-7461
Malware in sbrugna...
Improper Verification of Cryptographic Signature
Overview portage is a Portage is the package management and distribution system for Gentoo Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the checkfilesignaturegpgunwrapped function. Due to the lack of enforcing of the presence of VALIDSIG...
Oracle Linux 7 : evolution (ELSA-2020-1080)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1080 advisory. - Update patch for RH bug 1686408 CVE-2018-15587: Reposition signature bar - Add patch for RH bug 1686408 CVE-2018-15587: Reposition signature bar - Ad...
SUSE CVE-2018-15587
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment...
SUSE-SU-2022:2748-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.12 changed: Support for Google Talk chat accounts removed fixed: OpenPGP signatures were broken when 'Primary Password' dialog remained open fixed: Various security fixes - Security fixes MFSA 2022-31...
Amazon Linux 2 : evolution (ALAS-2020-1476)
The version of evolution installed on the remote host is prior to 3.28.5-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1476 advisory. GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted ema...
SUSE-SU-2019:1391-2 Security update for evolution
This update for evolution fixes the following issue: Security issue fixed: - CVE-2018-15587: Fixed OpenPGP signatures spoofing via specially crafted email that contains a valid signature bsc1125230...
Debian DSA-4457-1 : evolution - security update
Hanno Bock discovered that Evolution was vulnerable to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the security bar with encryption and signature information above the message headers. C Tenable Network Security,...
Security update for evolution (moderate)
openSUSE Security Update: Security update for evolution Announcement ID: openSUSE-SU-2019:1528-1 Rating: moderate References: 1125230 Cross-References: CVE-2018-15587 Affected Products: openSUSE Leap 42.3 An update that fixes one vulnerability is now available. Description: This update for...
SUSE-SU-2019:1391-1 Security update for evolution
This update for evolution fixes the following issue: Security issue fixed: - CVE-2018-15587: Fixed OpenPGP signatures spoofing via specially crafted email that contains a valid signature bsc1125230...
[ASA-201904-1] evolution: content spoofing
Arch Linux Security Advisory ASA-201904-1 ========================================= Severity: High Date : 2019-04-02 CVE-ID : CVE-2018-15587 Package : evolution Type : content spoofing Remote : Yes Link : https://security.archlinux.org/AVG-889 Summary ======= The package evolution before version...
CVE-2018-15586
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email...
CVE-2018-15587
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment...
CVE-2017-2623
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certifica...
DEBIAN-CVE-2011-1829
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message...