Lucene search
+L

31 matches found

CVE
CVE
added 2018/06/04 4:0 p.m.63 views

CVE-2016-10688

CVE-2016-10688 affects the Haxe 3 toolkit (haxe3): it downloads resources over HTTP, making it vulnerable to a Man‑in‑the‑Middle (MitM) where an attacker on the network can intercept and replace the downloaded resource, potentially enabling remote code execution. The available documents consisten...

9.3CVSS8.2AI score0.01699EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/04 4:0 p.m.30 views

CVE-2016-10688

Haxe 3 : The Cross-Platform Toolkit a fork from David Mouton's damoebius/haxe-npm haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the...

8.3AI score0.01699EPSS
Exploits0References1
CVE
CVE
added 2018/06/04 4:0 p.m.65 views

CVE-2016-10637

CVE-2016-10637 affects haxe-dev, a cross-platform toolkit. The vulnerability arises when haxe-dev downloads binary resources over HTTP, allowing a network-adjacent attacker to perform a MITM and swap the requested binary with an attacker-controlled one, potentially leading to remote code executio...

9.3CVSS8.2AI score0.01752EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/06/01 6:29 p.m.32 views

CVE-2016-10602

haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...

9.3CVSS8.3AI score0.01682EPSS
Exploits0References1
OSV
OSV
added 2018/06/01 6:29 p.m.5 views

CVE-2016-10602

haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...

8.1CVSS6.3AI score0.01682EPSS
Exploits0References1
Prion
Prion
added 2018/06/01 6:29 p.m.14 views

Design/Logic Flaw

haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...

9.3CVSS8AI score0.01682EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/06/01 6:0 p.m.72 views

CVE-2016-10602

CVE-2016-10602 affects the cross-platform toolkit haxe . The issue occurs because haxe downloads zipped resources over HTTP, exposing users to man-in-the-middle (MITM) attacks. An attacker on the network could swap the requested zip with a malicious one, potentially leading to remote code executi...

9.3CVSS8.2AI score0.01682EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/01 6:0 p.m.23 views

CVE-2016-10602

haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...

8.3AI score0.01682EPSS
Exploits0References1
Veracode
Veracode
added 2017/01/04 3:16 a.m.21 views

Man In The Middle (MitM)

haxe is vulnerable to man-in-the-middle MitM attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zipped file with an attacker controlled zipped file if the attacker is on the...

9.3CVSS8.3AI score0.01682EPSS
Exploits0References1Affected Software1
Node.js
Node.js
added 2016/12/01 5:27 p.m.27 views

Downloads Resources over HTTP

Overview Affected versions of haxe-dev insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...

9.3CVSS4.9AI score0.01752EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2016/11/30 10:29 p.m.44 views

Downloads Resources over HTTP

Overview Affected versions of haxe insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3CVSS5.1AI score0.01682EPSS
Exploits0Affected Software1
Rows per page
Query Builder