10 matches found
new packages: Box2D
An update is available for Box2D. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterprise...
Downloads Resources over HTTP in box2d-native
Affected versions of box2d-native insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-362X-34H3-H6H6 Downloads Resources over HTTP in box2d-native
Affected versions of box2d-native insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
Man-in-the-Middle (MitM)
box2d-native is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...
CVE-2016-10617
box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the...
CVE-2016-10617
box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the...
Remote code execution
box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the...
CVE-2016-10617
box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the...
CVE-2016-10617
CVE-2016-10617 involves vulnerable box2d-native behavior where binary resources are downloaded over HTTP, enabling man-in-the-middle (MITM) tampering. The provided sources describe that an attacker with a privileged network position can intercept the response and replace the binary with a malicio...
Codelabs (libGDX - Box2D) - Native code usage, SD-card access, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Codelabs libGDX - Box2D published at the 'play' market has multiple vulnerabilities...