Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-39358

Опубликовано: 22 авг. 2021
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=1997139gfbgraph: missing TLS certificate verification

EPSS

Процентиль: 55%
0.00331
Низкий

7.5 High

CVSS3

Связанные уязвимости

CVSS3: 5.9
ubuntu
почти 4 года назад

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVSS3: 5.9
nvd
почти 4 года назад

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

CVSS3: 5.9
debian
почти 4 года назад

In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable T ...

suse-cvrf
почти 3 года назад

Security update for gfbgraph

rocky
около 3 лет назад

Moderate: gfbgraph security update

EPSS

Процентиль: 55%
0.00331
Низкий

7.5 High

CVSS3