CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

159 matches found

Tenable Nessus•added 2023/11/14 12:0 a.m.•24 views

CentOS 8 : perl-HTTP-Tiny (CESA-2023:7174)

The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:7174 advisory. - HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in t...

8.1CVSS7.1AI score0.00767EPSS

Exploits0References2

OSV•added 2023/11/14 12:0 a.m.•18 views

ALSA-2023:7174 Moderate: perl-HTTP-Tiny security update

HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in th...

8.1CVSS7.6AI score0.00767EPSS

Exploits0References4

Tenable Nessus•added 2023/11/14 12:0 a.m.•19 views

RHEL 8 : perl-HTTP-Tiny (RHSA-2023:7174)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7174 advisory. HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more detail...

8.1CVSS7.2AI score0.00767EPSS

Exploits0References6

AlmaLinux•added 2023/11/14 12:0 a.m.•29 views

Moderate: perl-HTTP-Tiny security update

8.1CVSS6.9AI score0.00767EPSS

Exploits0References4

Oracle linux•added 2023/11/11 12:0 a.m.•22 views

perl-HTTP-Tiny security update

0.076-461 - Changes the verifySSL default parameter from 0 to 1 - CVE-2023-31486 - Resolves: rhbz2228412...

8.1CVSS8.1AI score0.00767EPSS

Exploits0

OpenVAS•added 2023/11/09 12:0 a.m.•18 views

Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2023-3142)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.5AI score0.01523EPSS

Exploits1References2

OpenVAS•added 2023/11/09 12:0 a.m.•15 views

Huawei EulerOS: Security Advisory for perl-HTTP-Tiny (EulerOS-SA-2023-3144)

8.1CVSS8.3AI score0.00767EPSS

Exploits0References2

RedHat Linux•added 2023/11/07 8:32 a.m.•0 views

perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS

A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to verifySSL missing when suing the HTTP::Tiny library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing...

8.1CVSS7.3AI score0.01523EPSS

Exploits1References4

RedHat Linux•added 2023/11/07 8:17 a.m.•29 views

Moderate: Red Hat Security Advisory: perl-HTTP-Tiny security update

An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.1CVSS6.8AI score0.00767EPSS

Exploits0References3

RedHat Linux•added 2023/11/07 8:17 a.m.•2 views

http-tiny: perl: insecure TLS cert default

A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verifySSL=1 flag to ensure secure HTTPS connections. This oversight can potentially expose...

8.1CVSS6.9AI score0.00767EPSS

Exploits0References4

Tenable Nessus•added 2023/11/07 12:0 a.m.•22 views

RHEL 9 : perl-HTTP-Tiny (RHSA-2023:6542)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:6542 advisory. HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more detail...

8.1CVSS7.2AI score0.00767EPSS

Exploits0References6

AlmaLinux•added 2023/11/07 12:0 a.m.•52 views

Moderate: perl-HTTP-Tiny security update

8.1CVSS7.1AI score0.00767EPSS

Exploits0References4

OSV•added 2023/11/07 12:0 a.m.•21 views

ALSA-2023:6542 Moderate: perl-HTTP-Tiny security update

8.1CVSS7.6AI score0.00767EPSS

Exploits0References4

RustSec•added 2023/11/06 12:0 p.m.•1 views

`littest` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the malicious user http-tiny and contained a malware payload in build.rs to exfiltrate host information to the attacker. This advisory is to retrospectively document this attempted attack. The version information and download...

5.8AI score

Exploits0

OpenVAS•added 2023/11/01 12:0 a.m.•18 views

Huawei EulerOS: Security Advisory for perl-HTTP-Tiny (EulerOS-SA-2023-3078)

8.1CVSS8.3AI score0.00767EPSS

Exploits0References2

OpenVAS•added 2023/10/31 12:0 a.m.•9 views

Huawei EulerOS: Security Advisory for perl-HTTP-Tiny (EulerOS-SA-2023-3061)

8.1CVSS7.8AI score0.00767EPSS

Exploits0References2

OpenVAS•added 2023/10/31 12:0 a.m.•15 views

Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2023-3060)