11 matches found
openframe-ascii-image downloads Resources over HTTP
Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
GHSA-XJ6F-X7JM-85FF openframe-ascii-image downloads Resources over HTTP
Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
openframe-asciii-image module code execution vulnerability
The openframe-ascii-image module is an extension to the Openframe format that displays static images rendered in ASCLL format via fim. A security vulnerability exists in the openframe-asciii-image module, which is caused by a program downloading a binary file over an unencrypted HTTP connection. ...
CVE-2016-10690
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
CVE-2016-10690
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
Remote code execution
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
CVE-2016-10690
The CVE-2016-10690 entry relates to openframe-ascii-image, an Openframe plugin that loads resources over HTTP. Connected advisories (GHSA-XJ6F-X7JM-85FF and OSV/NVD entries) confirm the root cause: insecure HTTP downloads of a binary/executable, enabling a man-in-the-middle attack where an attack...
CVE-2016-10690
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
Man-in-the-Middle (MitM)
openframe-ascii-image is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, potentially causing a remote code execution RCE vulnerability exploitable by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...
Downloads Resources over HTTP
Overview Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
[ GLSA 200812-14 ] aview: Insecure temporary file usage
Gentoo Linux Security Advisory GLSA 200812-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...