exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 13

BDU:2021-01328

больше 5 лет назад

Уязвимость реализации GTlsClientConnection библиотеки glib-networking, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

CVSS3: 6.5

EPSS: Низкий

CVE-2020-13645

больше 5 лет назад

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

CVSS3: 6.5

EPSS: Низкий

CVE-2020-13645

почти 6 лет назад

CVSS3: 6.5

EPSS: Низкий

CVE-2020-13645

больше 5 лет назад

CVSS3: 6.5

EPSS: Низкий

CVE-2020-13645

больше 5 лет назад

In GNOME glib-networking through 2.64.2 the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior to fail the certificate verification. Applications that fail to provide the server identity including Balsa before 2.5.11 and 2.6.x before 2.6.1 accept a TLS certificate if the certificate is valid for any host.

CVSS3: 6.5

EPSS: Низкий

CVE-2020-13645

больше 5 лет назад

In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...

CVSS3: 6.5

EPSS: Низкий

openSUSE-SU-2021:3944-1

около 4 лет назад

Security update for glib-networking

EPSS: Низкий

openSUSE-SU-2021:1554-1

около 4 лет назад

Security update for glib-networking

EPSS: Низкий

openSUSE-SU-2021:1094-1

больше 4 лет назад

Security update for balsa

EPSS: Низкий

SUSE-SU-2021:4004-1

около 4 лет назад

Security update for glib-networking

EPSS: Низкий

SUSE-SU-2021:3997-1

около 4 лет назад

Security update for glib-networking

EPSS: Низкий

SUSE-SU-2021:3944-1

около 4 лет назад

Security update for glib-networking

EPSS: Низкий

GHSA-p43h-5x4h-9pp7

больше 3 лет назад

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
BDU:2021-01328 Уязвимость реализации GTlsClientConnection библиотеки glib-networking, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность	CVSS3: 6.5	1% Низкий	больше 5 лет назад
CVE-2020-13645 In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.	CVSS3: 6.5	1% Низкий	больше 5 лет назад
CVE-2020-13645 In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.	CVSS3: 6.5	1% Низкий	почти 6 лет назад
CVE-2020-13645 In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.	CVSS3: 6.5	1% Низкий	больше 5 лет назад
CVE-2020-13645 In GNOME glib-networking through 2.64.2 the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior to fail the certificate verification. Applications that fail to provide the server identity including Balsa before 2.5.11 and 2.6.x before 2.6.1 accept a TLS certificate if the certificate is valid for any host.	CVSS3: 6.5	1% Низкий	больше 5 лет назад
CVE-2020-13645 In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...	CVSS3: 6.5	1% Низкий	больше 5 лет назад
openSUSE-SU-2021:3944-1 Security update for glib-networking		1% Низкий	около 4 лет назад
openSUSE-SU-2021:1554-1 Security update for glib-networking		1% Низкий	около 4 лет назад
openSUSE-SU-2021:1094-1 Security update for balsa		1% Низкий	больше 4 лет назад
SUSE-SU-2021:4004-1 Security update for glib-networking		1% Низкий	около 4 лет назад
SUSE-SU-2021:3997-1 Security update for glib-networking		1% Низкий	около 4 лет назад
SUSE-SU-2021:3944-1 Security update for glib-networking		1% Низкий	около 4 лет назад
GHSA-p43h-5x4h-9pp7 In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.		1% Низкий	больше 3 лет назад

Уязвимостей на страницу