2 matches found
CVE-2016-10570
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary ...
CVE-2016-10570
The CVE-2016-10570 entry concerns pngcrush-installer, the installer for Pngcrush. The vulnerability arises in versions below 1.8.10 that download binary resources over HTTP. This insecure download path enables an attacker with network access or a privileged network position to perform a MITM inte...