SUSE CVE-2016-20011

libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync...

SUSE CVE-2021-39359

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

SUSE CVE-2021-39358

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

OESA-2022-1937 gfbgraph security update

GLib/GObject wrapper for the Facebook Graph API that integrates with GNOME Online Accounts. Security Fixes: In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks...

gfbgraph: missing TLS certificate verification

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

OESA-2021-1434 gfbgraph security update

GLib/GObject wrapper for the Facebook Graph API. Security Fixes: In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to...

The vulnerability of the RSS/Atom/Pie LibGRSS library, related to errors in the authentication process for certificates, allows attackers to compromise the integrity of data.

The vulnerability of the RSS/Atom/Pie LibGRSS library is related to errors in the TLS certificate validation process when loading streams. This occurs due to a standard behavior of the SoupSessionSync library. Exploiting this vulnerability could allow an attacker to compromise the integrity of da...

DEBIAN-CVE-2021-39360

In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

DEBIAN-CVE-2021-39359

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

UBUNTU-CVE-2021-39361

In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

UBUNTU-CVE-2021-39359

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

UBUNTU-CVE-2021-39358

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011...

DEBIAN-CVE-2016-20011

libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync...

libgrss 信任管理问题漏洞

libgrss is a Glib library for handling RSS, Atom and other formats of feeds. A security vulnerability exists in libgrss version 0.7.0, which stems from libgrss' inability to perform TLS certificate validation when downloading a feed, and can be exploited by remote attackers to manipulate the...