EUVD-2019-0214

Malware in sbrugna...

EUVD-2019-0208

Malware in sbrugna...

EUVD-2019-0346

Malware in sbrugna...

EUVD-2019-0245

Malware in sbrugna...

EUVD-2019-0336

Malware in sbrugna...

EUVD-2019-0352

Malware in sbrugna...

EUVD-2018-0416

Malware in sbrugna...

EUVD-2020-0732

Malware in sbrugna...

EUVD-2019-0216

Malware in sbrugna...

CVE-2016-10640

node-thulac, a Node binding for thulac, downloads binary resources over HTTP, making it vulnerable to MITM attacks. The available sources (NVD/NPM advisory/GHSA/OSV) describe potential remote code execution if an attacker on the network swaps the requested binary with a malicious one. Affected ve...

CVE-2016-10694

alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary...

CVE-2016-10639

redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the networ...

CVE-2016-10600

webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10579

Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if t...

CVE-2016-10604

dalek-browser-chrome downloads binary resources over HTTP, enabling MITM-style tampering. In network-position scenarios, an attacker can swap the requested binary with a malicious one, potentially executing code on the user’s system. The advisory notes that no patch is currently available and rec...

CVE-2016-10564

apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...

ibapi code execution vulnerability

ibapi is a trading system high-speed order interface. A security vulnerability exists in ibapi that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary file with a binary file under thei...

CVE-2016-10573

CVE-2016-10573 affects the baryton-saxophone module (used to install/launch Selenium Server) and stems from downloading binary resources over HTTP before version 3.0.1. This enables a network-position attacker (MitM) to swap the downloaded binary with a malicious one, potentially leading to remot...