[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248585

 
 

909

 
 

195621

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 194644 Download | Alert*

[0.3.6-3] + grilo-0.3.6-3 - Fix TLS not being validated correctly - Resolves: rhbz#1997234

Michael Catanzaro reported a problem in Grilo, a framework for discovering and browsing media. TLS certificate verification is not enabled on the SoupSessionAsync objects created by Grilo, leaving users vulnerable to network MITM attacks.

grilo: Framework for discovering and browsing media - GObject introspect grilo could be made to allow MITM attacks.

This update for grilo fixes the following issues: - CVE-2021-39365: Fixed missing TLS certificate verification .

grilo: Framework for discovering and browsing media - GObject introspect grilo could be made to allow MITM attacks.

Grilo is a framework that provides access to different sources of multimedia content, using a pluggable system. The grilo package contains the core library and elements. Security Fix: * grilo: missing TLS certificate verification For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the Refere ...

Michael Catanzaro reported a problem in Grilo, a framework for discovering and browsing media. TLS certificate verification is not enabled on the SoupSessionAsync objects created by Grilo, leaving users vulnerable to network MITM attacks.

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content

The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System.


Pages:      Start    8540    8541    8542    8543    8544    8545    8546    8547    8548    8549    8550    8551    8552    8553    ..   19464

© SecPod Technologies