5832 matches found

CVE
added 2018/06/01 6:0 p.m. | 49 views

CVE-2016-10617

CVE-2016-10617 involves vulnerable box2d-native behavior where binary resources are downloaded over HTTP, enabling man-in-the-middle (MITM) tampering. The provided sources describe that an attacker with a privileged network position can intercept the response and replace the binary with a malicio...

CVSS 9.3 | AI score 8.3 | EPSS 0.01682
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2018/06/01 6:0 p.m. | 19 views

CVE-2016-10608

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker i...

AI score 7.8 | EPSS 0.01611
Exploits 0 | References 1
Cvelist
added 2018/06/01 6:0 p.m. | 31 views

CVE-2016-10617

box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the...

AI score 8.3 | EPSS 0.01682
Exploits 0 | References 1
CVE
added 2018/06/01 6:0 p.m. | 49 views

CVE-2016-10581

CVE-2016-10581 concerns the Steroids library (PhoneGap on Steroids), which downloads zipped resources over HTTP. The description states this makes it vulnerable to MITM attacks and, if an attacker can position themselves between the user and the server, may allow remote code execution by swapping...

CVSS 9.3 | AI score 8.3 | EPSS 0.01682
Exploits 0 | References 1 | Affected Software 1
CVE
added 2018/06/01 6:0 p.m. | 61 views

CVE-2016-10600

The CVE-2016-10600 entry concerns the webrtc-native component, which uses WebRTC from the Chromium project. The vulnerability arises because webrtc-native downloads binary resources over HTTP, enabling a man‑in‑the‑middle attacker to intercept or replace the binary and potentially achieve remote ...

CVSS 9.3 | AI score 8.3 | EPSS 0.02104
Exploits 0 | References 1 | Affected Software 1
CNVD
added 2018/05/31 12:0 a.m. | 2 views

native-opencv file download vulnerability

native-opencv is an open source computer vision library with multi-platform support. A security vulnerability exists in native-opencv that originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting th...

CVSS 9.3 | AI score 8.1 | EPSS 0.01699
Exploits 0 | References 1
CVE
added 2018/05/29 8:0 p.m. | 50 views

CVE-2016-10658

The CVE-2016-10658 entry concerns the native-opencv npm package, which downloads binary resources over HTTP. This insecure download path allows a network-positioned attacker to MITM and replace the requested binary with a malicious version, potentially leading to remote code execution on the host...

CVSS 9.3 | AI score 8.2 | EPSS 0.01699
Exploits 0 | References 1 | Affected Software 1
Node.js
added 2018/05/15 11:46 p.m. | 13 views

Malicious Package

Overview: Version 0.0.7 of react-server-native contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.7 of this module is found...

AI score 6.9
Exploits 0 | Affected Software 1
Openbugbounty
added 2018/05/03 2:10 a.m. | 8 views

native-instruments.com XSS vulnerability

Open Bug Bounty ID: OBB-611395

Description | Value
---|---
Affected Website: | native-instruments.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

Exploits 0
Prion
added 2018/04/20 9:29 p.m. | 18 views

Xxe

Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1....

CVSS 5.5 | AI score 7.1 | EPSS 0.01689
Exploits 0 | References 2 | Affected Software 1
Wallarm Lab
added 2018/04/18 3:35 a.m. | 51 views

Securing Cloud-Native Applications

A conversation with Randy Bias. Last week we were able to sit down with Randy Bias, a cloud pioneer and a technology visionary who currently oversees Juniper Networks cloud strategy. We have asked Randy to share his thoughts on the security of private and public clouds and specifically cloud-nati...

AI score 7.1
Exploits 0
Prion
added 2018/04/11 3:29 p.m. | 15 views

Race condition

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework events, the iterator pointer is deleted aft...

CVSS 10 | AI score 9.5 | EPSS 0.01252
Exploits 0 | References 2
Cvelist
added 2018/04/11 3:0 p.m. | 23 views

CVE-2017-18145

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework events, the iterator pointer is deleted aft...

AI score 9.7 | EPSS 0.01252
Exploits 0 | References 2
NVD
added 2018/03/29 6:29 p.m. | 11 views

CVE-2015-2020

The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

CVSS 9.8 | AI score 9.5 | EPSS 0.02835
Exploits 1 | References 2
Prion
added 2018/03/29 6:29 p.m. | 16 views

Code injection

The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

CVSS 7.5 | AI score 8.1 | EPSS 0.02052
Exploits 0 | References 2 | Affected Software 1
Prion
added 2018/03/29 6:29 p.m. | 11 views

Code injection

The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

CVSS 7.5 | AI score 8.1 | EPSS 0.0234
Exploits 0 | References 2 | Affected Software 1
Prion
added 2018/03/29 6:29 p.m. | 10 views

Code injection

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

CVSS 7.5 | AI score 8.1 | EPSS 0.02052
Exploits 0 | References 2 | Affected Software 1
Prion
added 2018/03/29 6:29 p.m. | 13 views

Code injection

The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

CVSS 7.5 | AI score 8.1 | EPSS 0.02052
Exploits 0 | References 2 | Affected Software 1
Prion
added 2018/03/29 6:29 p.m. | 9 views

Code injection

The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

CVSS 7.5 | AI score 8.1 | EPSS 0.02052
Exploits 0 | References 2 | Affected Software 1
Prion
added 2018/03/29 6:29 p.m. | 12 views

Code injection

The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function...

CVSS 7.5 | AI score 8.1 | EPSS 0.02835
Exploits 1 | References 2 | Affected Software 1