Lucene search
+L

8 matches found

OSV
OSV
added 2020/09/01 4:10 p.m.17 views

GHSA-H2JV-5V3F-7M7J Downloads Resources over HTTP in adamvr-geoip-lite

Affected versions of adamvr-geoip-lite insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation decisions b...

8.1CVSS7.8AI score0.00717EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2020/09/01 4:10 p.m.37 views

Downloads Resources over HTTP in adamvr-geoip-lite

Affected versions of adamvr-geoip-lite insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. This could impact the integrity and availability of the data being used to make geolocation decisions b...

8.1CVSS4AI score0.00717EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/05/31 12:0 a.m.7 views

adamvr-geoip-lite file download vulnerability

adamvr-geoip-lite is an API provided for IP geo-mapping data files. A file download vulnerability exists in adamvr-geoip-lite that originates when a program downloads geoip resources over the HTTP protocol. An attacker could use this vulnerability to read or modify the resource, affecting the...

8.1CVSS7.8AI score0.00717EPSS
Exploits0References1
NVD
NVD
added 2018/05/29 8:29 p.m.18 views

CVE-2016-10680

adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an...

8.1CVSS8AI score0.00717EPSS
Exploits0References1
OSV
OSV
added 2018/05/29 8:29 p.m.18 views

CVE-2016-10680

adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an...

8.1CVSS8.2AI score0.00717EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/05/29 8:0 p.m.23 views

CVE-2016-10680

adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an...

8AI score0.00717EPSS
Exploits0References1
CVE
CVE
added 2018/05/29 8:0 p.m.55 views

CVE-2016-10680

CVE-2016-10680 affects adamvr-geoip-lite, a lightweight native JavaScript GeoIP API. The underlying issue is that geoip resources are downloaded over HTTP, making them susceptible to MITM modification or reading. This can compromise the integrity and availability of geolocation data used by an ap...

8.1CVSS7.8AI score0.00717EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2017/01/04 6:40 a.m.24 views

Man In The Middle (MitM)

adamvr-geoip-lite is vulnerable to man-in-the-middle MitM attacks via downloading geoip resources over HTTP. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data...

8.1CVSS7.7AI score0.00717EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder