CVE-2016-20011

Published: 25/05/2021 Updated: 09/06/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

libgrss up to and including 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote malicious users to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.

Vulnerable Product

gnome libgrss

Vendor Advisories

Debian Bug report logs - #992971 grilo: CVE-2021-39365. Package: src:grilo; Maintainer for src:grilo is Alberto Garcia <berto@igalia.com>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 25 Aug 2021 19:15:01 UTC; Severity: important; Tags: security, upstream; Found in versions grilo/0.3.13-1, grilo/03 ...
Debian Bug report logs - #993537 gfbgraph: CVE-2021-39358. Package: src:gfbgraph; Maintainer for src:gfbgraph is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 2 Sep 2021 19:57:02 UTC; Severity: important; Tags: security, upstre ...
Debian Bug report logs - #996590 evolution-rss: CVE-2021-39361: Missing TLS certificate verification. Package: src:evolution-rss; Maintainer for src:evolution-rss is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 15 Oct 2021 20: ...
Debian Bug report logs - #993592 libgda5: CVE-2021-39359. Package: src:libgda5; Maintainer for src:libgda5 is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 3 Sep 2021 13:27:02 UTC; Severity: important; Tags: security, upstream ...
Debian Bug report logs - #989149 libgrss: CVE-2016-20011: No TLS certificate verification. Package: src:libgrss; Maintainer for src:libgrss is Jon Bernard <jbernard@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 26 May 2021 20:12:01 UTC; Severity: important; Tags: security, upstream; Found ...
Debian Bug report logs - #993538 libzapojit: CVE-2021-39360. Package: src:libzapojit; Maintainer for src:libzapojit is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 2 Sep 2021 20:09:01 UTC; Severity: important; Tags: security, ...
libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync ...