EUVD-2016-6786

Malware in sbrugna...

EUVD-2020-0832

Malware in sbrugna...

MAL-2025-42509 Malicious code in @flutteruki-gaming/gfe-prismic (npm)

The package @flutteruki-gaming/gfe-prismic was found to contain malicious code...

Malicious code in @flutteruki-gaming/gfe-prismic (npm)

The package @flutteruki-gaming/gfe-prismic was found to contain malicious code...

GHSA-72Q2-5RXX-XFFF gfe-sass downloads Resources over HTTP

Affected versions of gfe-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

gfe (=1.1.0) potentially affected by CVE-2017-16040 via gfe-sass (=1.0.19)

gfe-sass NPM version =1.0.19 is affected by a known vulnerability. The following packages have a transitive dependency on gfe-sass and may be impacted: - gfe =1.1.0 Source cves: CVE-2017-16040 Source advisory: OSV:GHSA-72Q2-5RXX-XFFF...

gfe-sass downloads Resources over HTTP

Affected versions of gfe-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syste...

Nvidia GeForce Experience Web Helper - Command Injection

//Send request to local GFE server function submitRequestport,secret var xhr = new XMLHttpRequest; xhr.open"POST", "http://127.0.0.1:"+port+"/gfeupdate/autoGFEInstall/", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...

gfe-sass Remote Code Execution Vulnerability

gfe-sass is a sass library. A security vulnerability exists in gfe-sass that originates when a program downloads a binary file over an unencrypted HTTP link. An attacker could exploit this vulnerability by intercepting the response and replacing the requested binary with a malicious executable fi...

CVE-2017-16040

gfe-sass is a library for promises CommonJS/Promises/A,B,D gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the...

CVE-2017-16040

gfe-sass is a library for promises CommonJS/Promises/A,B,D gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the...

Remote code execution

gfe-sass is a library for promises CommonJS/Promises/A,B,D gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the...

CVE-2017-16040

The CVE-2017-16040 issue affects the gfe-sass library, where it downloads resources over HTTP. This enables a man-in-the-middle when an attacker is on the network or between the user and the server to swap the requested resources with malicious copies, potentially causing remote code execution on...

CVE-2017-16040

gfe-sass is a library for promises CommonJS/Promises/A,B,D gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the...

CVE-2017-0316

In GeForce Experience GFE 3.x before 3.10.0.55, NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without validation, which may lead to denial of service or possible escalation of privileges...

CVE-2017-0316

GeForce Experience 3.x (GeForce Experience) On Windows, NVIDIA Installer Framework’s NVISystemService64 accepts user-supplied values without validation, affecting GeForce Experience 3.x prior to 3.10.0.55. This can lead to denial of service or privilege escalation. A fix is available in NVIDIA GF...

Security Bulletin: NVIDIA Installer Framework contains a vulnerability in NVISystemService64 affecting GFE

Vulnerability Details The following section summarizes the vulnerability. The description uses CWE™ and the risk assessment follows CVSS. CVE-2017-0316 NVIDIA Installer Framework contains a vulnerability in NVISystemService64 where a value passed from a user to the driver is used without...

Resources Downloaded Through Insecure Protocol

gfe-sass downloads resources through an insecure protocol. The library downloads resources through HTTP, allowing a man-in-the-middle attack to tamper with the content in transit...

CVE-2016-8827

CVE-2016-8827 affects NVIDIA GeForce Experience 3.x before GFE 3.1.0.52. The vulnerability is in the NVIDIA Web Helper.exe local web API endpoint /VisualOPS/v.1.0./, which lacks proper access control and parameter validation, enabling information disclosure via a directory traversal attack. Impac...

Downloads Resources over HTTP

Overview Affected versions of gfe-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...