1025 matches found
WordPress plugin 3dprint security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
Improper Certificate Validation
CPAN.pm is vulnerable to Improper Certificate Validation. The vulnerability is caused due to not verifying TLS certificates when downloading distributions over HTTPS because verifyssl is missing when using HTTP::Tiny library during the connection. This can allow an attacker to inject into the...
Improper Certificate Validation
HTTP::Tiny is vulnerable to Improper Certificate Validation. The vulnerability is caused due to an Insecure Default Initialization of Resource flaw where TLS certificates were not verified by default. This can lead to loss of confidentiality, integrity, and availability...
Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A cross-site scripting vulnerability exists in TinyMCE versions prior to 5.10.0 that could allow an attacker to execute arbitrary JavaScript when updating an image or link with a specially crafted URL...
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2023-3442)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for perl-HTTP-Tiny (EulerOS-SA-2023-3444)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for perl-HTTP-Tiny (EulerOS-SA-2023-3411)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2023-49287
TinyDir is a lightweight C directory and file reader. Buffer overflows in the tinydirfileopen function. This vulnerability has been patched in version 1.2.6...
UBUNTU-CVE-2023-49287
TinyDir is a lightweight C directory and file reader. Buffer overflows in the tinydirfileopen function. This vulnerability has been patched in version 1.2.6...
CLSA-2023-1701293817 perl: Fix of 2 CVEs
CVE-2023-31484: fix possible MITM attach due to missing SSL verification - CVE-2023-31486: add verifySSL=1 to HTTP::Tiny default configuration...
Oracle Linux 8 : perl-HTTP-Tiny (ELSA-2023-7174)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-7174 advisory. - Changes the verifySSL default parameter from 0 to 1 - CVE-2023-31486 Tenable has extracted the preceding description block directly from the Oracle Linux...
perl-HTTP-Tiny security update
0.074-2 - Changes the verifySSL default parameter from 0 to 1 - CVE-2023-31486 - Resolves: rhbz2228409...
Oracle Linux 9 : perl-HTTP-Tiny (ELSA-2023-6542)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-6542 advisory. - Changes the verifySSL default parameter from 0 to 1 - CVE-2023-31486 Tenable has extracted the preceding description block directly from the Oracle Linux...
Tiny Technologies TinyMCE Security Vulnerability
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A security vulnerability exists in Tiny Technologies TinyMCE, which stems from a mutated cross-site scripting mXSS vulnerability in the undo/redo function and other APIs and plugins. Affected products and versions: TinyM...
Moderate: Red Hat Security Advisory: perl-HTTP-Tiny security update
An update for perl-HTTP-Tiny is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
http-tiny: perl: insecure TLS cert default
A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verifySSL=1 flag to ensure secure HTTPS connections. This oversight can potentially expose...
CentOS 8 : perl-HTTP-Tiny (CESA-2023:7174)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:7174 advisory. - HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in t...
ALSA-2023:7174 Moderate: perl-HTTP-Tiny security update
HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in th...
RHEL 8 : perl-HTTP-Tiny (RHSA-2023:7174)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7174 advisory. HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more detail...
Moderate: perl-HTTP-Tiny security update
HTTP::Tiny is a small and simple HTTP/1.1 client written in Perl. Security Fixes: http-tiny: insecure TLS cert default CVE-2023-31486 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in th...