CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Skip to content

GitLab 

*   

Projects Groups Topics Snippets

*   /
    
*   

*   Help
    
    *   Help
    *   Support
    *   Community forum
    
    *   Submit feedback
    *   Contribute to GitLab
    
*   Register
*   Sign in

*   GNOME
*   libgda
*   Issues
*   #249

**(CVE-2021-39359) gda-web-provider.c does not perform TLS certificate verification**

gda-web-provider.c uses soup\_session\_sync\_new() but does not appear to have any code to enable TLS certificate verification. This looks like the same vulnerability as libgrss#4.

Edited Aug 22, 2021 by Michael Catanzaro

Headline

CVE-2021-39359: (CVE-2021-39359) gda-web-provider.c does not perform TLS certificate verification (#249) · Issues · GNOME / libgda · GitLab

CVE: Latest News