GHSA-6FVW-7VCH-X489 Downloads Resources over HTTP in selenium-portal

Affected versions of selenium-portal insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...

Downloads Resources over HTTP in selenium-portal

Affected versions of selenium-portal insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...

Downloads Resources over HTTP in haxeshim

Affected versions of haxeshim insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

GHSA-J3WH-5M26-2PF7 Downloads Resources over HTTP in mystem-fix

Affected versions of mystem-fix insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

fis-parser-sass-bin remote code execution vulnerability

fis-parser-sass-bin is a fis-based plugin for compiling sass using node-sass-binaries. A security vulnerability exists in fis-parser-sass-bin, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by...

soci Remote Code Execution Vulnerability

soci is a C++ library for accessing databases. A security vulnerability exists in soci that originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response and replacing the requested...

qbs remote code execution vulnerability

qbs is a set of automated build tools that manage the process of building software projects across multiple platforms. A security vulnerability exists in qbs that originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the...

mystem-wrapper Remote Code Execution Vulnerability

mystem-wrapper is a package for installing the Yandex mystem application. A security vulnerability exists in mystem-wrapper that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the...

clang-extra remote code execution vulnerability

clang-extra is a tool for installing LLVM. A security vulnerability exists in clang-extra, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing the requested...

Co-cli-installer Remote Code Execution Vulnerability

The co-cli-installer is a package for installing the co-cli command line tool. A security vulnerability exists in co-cli-installer that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting t...

selenium-portal remote code execution vulnerability

selenium-portal is a Node.js based on the use of JavaScript to write Selenium test program tools . A security vulnerability exists in selenium-portal, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerabilit...

Unspecified vulnerability in pk-app-wonderbox

pk-app-wonderbox is an app that integrates wonderbox and pillakloud. A security vulnerability exists in pk-app-wonderbox that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the respons...

serc.js remote code execution vulnerability

serc.js is a Selenium RC Process Wrapper A security vulnerability exists in serc.js, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing the requested executabl...

native-opencv file download vulnerability

native-opencv is an open source computer vision library with multi-platform support. A security vulnerability exists in native-opencv that originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting th...

Mozilla: Blob and data URLs bypass phishing and malware protection warnings (MFSA 2017-22)

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise ...

Downloads Resources over HTTP

Overview Affected versions of react-native-baidu-voice-synthesizer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one,...

Downloads Resources over HTTP

Overview Affected versions of windows-seleniumjar-mirror insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...

Downloads Resources over HTTP

Overview Affected versions of serc.js insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on t...

Downloads Resources over HTTP

Overview Affected versions of selenium-portal insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Downloads Resources over HTTP

Overview Affected versions of webdriver-launcher insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...