Lucene search
K

4 matches found

Prion
Prion
added 2018/05/29 8:29 p.m.21 views

Design/Logic Flaw

dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...

9.3CVSS7.8AI score0.02061EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/05/29 8:0 p.m.61 views

CVE-2016-10584

The CVE-2016-10584 entry concerns dalek-browser-chrome-canary, a Google Chrome binding for DalekJS. The vulnerability arises because it downloads binary resources over HTTP, enabling a man-in-the-middle (MitM) attacker to swap the requested binary with malware, potentially causing remote code exe...

9.3CVSS8.2AI score0.02061EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/05/29 8:0 p.m.36 views

CVE-2016-10584

dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...

8.2AI score0.02061EPSS
Exploits0References1
Node.js
Node.js
added 2016/11/30 10:42 p.m.56 views

Downloads Resources over HTTP

Overview Affected versions of dalek-browser-chrome-canary insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

9.3CVSS6.2AI score0.02061EPSS
Exploits0Affected Software1
Rows per page
Query Builder