31 matches found
EUVD-2019-0357
Malware in sbrugna...
EUVD-2018-0283
Malware in sbrugna...
EUVD-2019-0249
Malware in sbrugna...
EUVD-2019-0353
Malware in sbrugna...
GHSA-WX3Q-6X7X-JJW4 mystem downloads Resources over HTTP
Affected versions of mystem insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...
mystem downloads Resources over HTTP
Affected versions of mystem insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...
GHSA-WG5R-C793-W5W2 Downloads Resources over HTTP in mystem-wrapper
Affected versions of mystem-wrapper insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
Downloads Resources over HTTP in mystem-wrapper
Affected versions of mystem-wrapper insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
Downloads Resources over HTTP in mystem-fix
Affected versions of mystem-fix insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-J3WH-5M26-2PF7 Downloads Resources over HTTP in mystem-fix
Affected versions of mystem-fix insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
mystem-wrapper Remote Code Execution Vulnerability
mystem-wrapper is a package for installing the Yandex mystem application. A security vulnerability exists in mystem-wrapper that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the...
Man-in-the-Middle (MitM)
mystem-wrapper is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on th...
CVE-2016-10671
mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is ...
CVE-2016-10664
mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if th...
Remote code execution
mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is ...
Remote code execution
mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if th...
CVE-2016-10664
mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if th...
CVE-2016-10671
mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is ...
CVE-2016-10664
The CVE-2016-10664 issue affects the mystem Node.js wrapper for Yandex MyStem, where binary resources are downloaded over HTTP. This enables a MITM attacker with network access to swap the requested binary for a malicious one, potentially causing remote code execution on the host. The affected be...
CVE-2016-10671
The CVE-2016-10671 issue affects the mystem-wrapper; the wrapper downloads binary resources over HTTP, exposing it to MITM attacks. A malicious actor on the network could swap the requested resources with a attacker-controlled copy, potentially enabling remote code execution on the host running m...