CVE-2016-20011 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-20011 Interim 1 23 2023-02-17T01:09:31Z current 2021-05-30T13:49:46Z 2023-02-17T01:09:31Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-20011 libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. CVE-2016-20011 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N