Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Perl HTTP [CVE-2023-31486]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Perl HTTP Tiny module, caused by the failure to verify TLS certificates by default and requiring users to opt in to verify certificates CVE-2023-31486. Perl HTTP is used as a component ...

CentOS 9 : perl-HTTP-Tiny-0.076-461.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the perl- HTTP-Tiny-0.076-461.el9 build changelog. - HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration whe...

The vulnerability of the tool_cb_wrt component (src/tool_cb_wrt.c) in the command-line utilities curl and tiny-curl, which allows a attacker to disclose protected information

The vulnerability of the toolcbwrt component src/toolcbwrt.c in the command-line utilities curl and tiny-curl is related to a shift of one index position in the array index beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose...

Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign

Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today...

Moderate: Red Hat Security Advisory: perl-HTTP-Tiny security update

An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

CVE-2023-52071

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

RHEL 8 : perl-HTTP-Tiny (RHSA-2024:0579)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0579 advisory. HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more detail...

PT-2024-1741 · Tiny-Curl +2 · Tiny-Curl +2

Name of the Vulnerable Software and Affected Versions: curl versions 8.4.0 through 8.5.0 tiny-curl version 8.4.0 Description: The issue is related to an off-by-one out-of-bounds array index in the tool cb wrt component of the curl and tiny-curl utilities. This could allow a remote attacker to...

http-tiny: perl: insecure TLS cert default

A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verifySSL=1 flag to ensure secure HTTPS connections. This oversight can potentially expose...

Moderate: Red Hat Security Advisory: perl-HTTP-Tiny security update

An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

RHEL 8 : perl-HTTP-Tiny (RHSA-2024:0422)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0422 advisory. HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more detail...

CVE-2021-42145

An assertion failure discovered in in checkcertificaterequest in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service...

CVE-2021-42141

An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets ClientHello, Clientkeyexchange, and Changecipherspec, which may cause denial of service...

Contiki-NG Security Vulnerability

Contiki-NG is an open source cross-platform operating system for next-generation IoT Internet of Things devices. A security vulnerability exists in Contiki-NG tinyDTLS version 2018-08-30 and prior versions, which stems from a vulnerability in the DTLS server that allows a remote attacker to reuse...

CVE-2022-3899

The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...

CVE-2022-3899

The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...

Cross site request forgery (csrf)

The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged ...

CVE-2022-3899

The CVE-2022-3899 entry describes a CSRF vulnerability in the 3dprint WordPress plugin (versions prior to 3.5.6.9) that uses a modified Tiny File Manager. The underlying issue is a lack of CSRF protection in the file management component, allowing an attacker to craft a request that can delete fi...

EulerOS Virtualization 3.0.6.0 : perl (EulerOS-SA-2023-3442)

According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. CVE-2023-31484 - HTTP::Tiny before...

EulerOS Virtualization 2.9.0 : perl-HTTP-Tiny (EulerOS-SA-2023-2994)

According to the versions of the perl-HTTP-Tiny package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS...