13 matches found
EUVD-2021-25721
Malware in sbrugna...
EUVD-2021-25726
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-20011
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds withou...
CVE-2021-39360
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
Code injection
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
CVE-2021-39360
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
CVE-2021-39358
In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
Code injection
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
Code injection
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
Code injection
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
CVE-2021-39361
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...
Updated libgrss packages fix security vulnerability
libgrss does not perform any TLS certificate verification because it uses the deprecated SoupSessionAsync, which requires manually enabling certificate verification, rather than a modern SoupSession that has good defaults CVE-2016-20011...
CVE-2016-20011
CVE-2016-20011 affects libgrss up to version 0.7.0. The issue is that TLS certificate verification is not performed when downloading feeds due to the default behavior of SoupSessionSync, allowing a remote attacker to manipulate feed contents without detection (MITM). The connected Nessus items co...