13 matches found
EUVD-2019-0358
Malware in sbrugna...
libsbmlsim (>=0.0.1 <=0.0.2) potentially affected by CVE-2016-10668 via libsbml (=0.0.2)
libsbml NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on libsbml and may be impacted: libsbmlsim =0.0.1, =0.0.2. Source CVEs: CVE-2016-10668. Source advisory: OSV:GHSA-432J-4FW9-2G6F...
GHSA-X268-6JHM-2MX8 libsbmlsim downloads Resources over HTTP
Affected versions of libsbmlsim insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
libsbmlsim downloads Resources over HTTP
Affected versions of libsbmlsim insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
libsbmlsim (>=0.0.1 <=0.0.2) potentially affected by CVE-2016-10642 via cmake (=0.0.1)
cmake NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on cmake and may be impacted: libsbmlsim =0.0.1, =0.0.2. Source CVEs: CVE-2016-10642. Source advisory: OSV:GHSA-4J59-HFW6-6W7H...
libsbmlsim Remote Code Execution Vulnerability
libsbmlsim is a library for simulating SBML models containing ordinary differential equations. A security vulnerability exists in libsbmlsim that originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by...
Man-in-the-Middle (MitM)
libsbmlsim is vulnerable to man-in-the-middle (MitM) attacks because it downloads binary resources via HTTP. It may also allow remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the...
CVE-2016-10675
libsbmlsim is a module that installs Linux binaries for libsbmlsim. libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the...
CVE-2016-10675
libsbmlsim is a module that installs Linux binaries for libsbmlsim. libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the...
Remote code execution
libsbmlsim is a module that installs Linux binaries for libsbmlsim. libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the...
CVE-2016-10675
libsbmlsim is a module that installs Linux binaries for libsbmlsim. libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the...
CVE-2016-10675
Summary: libsbmlsim downloads binaries over HTTP, enabling MitM attacks. The connected advisories/CVEs state that an attacker with a privileged network position could intercept responses and replace the requested executable with a malicious one, potentially causing remote code execution on the ho...
Downloads Resources over HTTP
Overview: Affected versions of libsbmlsim insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...