9 matches found
EUVD-2019-0226
Malware in sbrugna...
GHSA-59M2-J944-839W clang-extra downloads Resources over HTTP
Affected versions of clang-extra insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
clang-extra downloads Resources over HTTP
Affected versions of clang-extra insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
clang-extra remote code execution vulnerability
clang-extra is a tool for installing LLVM. A security vulnerability exists in clang-extra, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing the requested...
Man-in-the-Middle (MitM)
clang-extra is susceptible to man-in-the-middle MitM attacks. The attacker can download binary resources via HTTP, allowing MitM attacks. Since the attacker can replace the requested binary with its controlled binary if the attacker is on the network or positioned in between the user and the remo...
CVE-2016-10655
The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is...
Remote code execution
The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is...
CVE-2016-10655
The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is...
CVE-2016-10655
The CVE-2016-10655 issue affects the clang-extra component of LLVM/clang-extra, where the tool downloads binary resources over HTTP. This enables a man-in-the-middle scenario if an attacker can position themselves on the network, potentially replacing downloaded resources with malicious ones and ...