23 matches found
EUVD-2019-0361
Malware in sbrugna...
EUVD-2019-0263
Malware in sbrugna...
backender (>=0.0.1 <=0.0.7), gulp-backender (>=0.0.4 <=0.0.5) potentially affected by CVE-2016-10604 via dalek-browser-chrome (=0.0.11)
dalek-browser-chrome NPM version =0.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on dalek-browser-chrome and may be impacted: - backender =0.0.1, =0.0.4, =0.0.5 Source cves: CVE-2016-10604 Source advisory: OSV:GHSA-6Q8Q-RVF4-M4PG...
GHSA-6Q8Q-RVF4-M4PG dalek-browser-chrome Downloads Resources over HTTP
Affected versions of dalek-browser-chrome insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...
GHSA-65Q2-X652-XX84 dalek-browser-ie downloads Resources over HTTP
Affected versions of dalek-browser-ie insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...
dalek-browser-ie downloads Resources over HTTP
Affected versions of dalek-browser-ie insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...
GHSA-X56R-5R34-QG74 dalek-browser-ie-canary downloads Resources over HTTP
Affected versions of dalek-browser-ie-canary insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...
Man-in-the-Middle (MitM)
dalek-browser-ie-canary is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker ...
Man-in-the-Middle (MitM)
dalek-browser-ie is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on t...
CVE-2016-10604
dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the...
CVE-2016-10612
dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binar...
CVE-2016-10604
dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the...
CVE-2016-10605
The CVE-2016-10605 entry concerns the dalek-browser-ie bindings for DalekJS, which downloads binary resources over HTTP. This creates a MITM risk where an attacker on the network can intercept and replace the binary, potentially enabling remote code execution on the user’s system. Public advisori...
CVE-2016-10612
dalek-browser-ie-canary downloads binary resources over HTTP, enabling MitM and potential remote code execution if an attacker on the network intercepts and replaces the binary. Affected: dalek-browser-ie-canary (Internet Explorer bindings for DalekJS). Root cause: unencrypted HTTP delivery of ex...
CVE-2016-10604
dalek-browser-chrome downloads binary resources over HTTP, enabling MITM-style tampering. In network-position scenarios, an attacker can swap the requested binary with a malicious one, potentially executing code on the user’s system. The advisory notes that no patch is currently available and rec...
CVE-2016-10604
dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the...
dalek-browser-chrome-canary code execution vulnerability
dalek-browser-chrome-canary is a plugin for the DalekJS browser for Google Chrome. A security vulnerability exists in dalek-browser-chrome-canary that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the...
CVE-2016-10584
dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
Design/Logic Flaw
dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...
CVE-2016-10584
The CVE-2016-10584 entry concerns dalek-browser-chrome-canary, a Google Chrome binding for DalekJS. The vulnerability arises because it downloads binary resources over HTTP, enabling a man-in-the-middle (MitM) attacker to swap the requested binary with malware, potentially causing remote code exe...