Published: 11/02/2019 Updated: 10/06/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

GNOME Evolution up to and including 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome evolution
debian debian linux 8.0

Debian Bug report logs - #924616 CVE-2018-15587: Signature Spoofing in PGP encrypted email Package: src:evolution; Maintainer for src:evolution is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 14 Mar 2019 22:21:02 UTC Severity: gr ...

Evolution Data Server would sometimes display email content as encrypted when it was not ...

Synopsis Moderate: evolution security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for evolution, evolution-data-server, evolution-ews, and atk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Modera ...

Synopsis Moderate: evolution security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for evolution, evolution-data-server, and evolution-ews is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A ...

Hanno Böck discovered that Evolution was vulnerable to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email This issue was mitigated by moving the security bar with encryption and signature information above the message headers For the stable distribution (stretch), this problem has been fixed in version 3 ...

GNOME Evolution through 3282 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment (CVE-2018-15587) ...

GNOME Evolution through 3282 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment ...

oss-sec mailing list archives   By Date By Thread </form>    Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)   Fro ...

CWE-347 https://bugzilla.gnome.org/show_bug.cgi?id=796424 https://lists.debian.org/debian-lts-announce/2019/04/msg00027.html http://www.openwall.com/lists/oss-security/2019/04/30/4 http://seclists.org/fulldisclosure/2019/Apr/38 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf https://github.com/RUB-NDS/Johnny-You-Are-Fired http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00061.html https://usn.ubuntu.com/3998-1/https://www.debian.org/security/2019/dsa-4457 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00024.html https://seclists.org/bugtraq/2019/Jun/7 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924616 https://usn.ubuntu.com/3998-1/https://nvd.nist.gov

CVE-2018-15587

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect