33 matches found
EUVD-2019-0316
Malware in sbrugna...
EUVD-2019-0365
Malware in sbrugna...
EUVD-2019-0285
Malware in sbrugna...
GHSA-MGR2-3MPV-43GC Downloads Resources over HTTP in openframe-image
Affected versions of openframe-image insecurely downloads resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...
Downloads Resources over HTTP in openframe-image
Affected versions of openframe-image insecurely downloads resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...
openframe (>=0.1.6 <=0.1.33) potentially affected by CVE-2016-10616 via openframe-image (=0.1.8)
openframe-image NPM version =0.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on openframe-image and may be impacted: - openframe =0.1.6, =0.1.33 Source cves: CVE-2016-10616 Source advisory: OSV:GHSA-MGR2-3MPV-43GC...
GHSA-XJ6F-X7JM-85FF openframe-ascii-image downloads Resources over HTTP
Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
openframe-ascii-image downloads Resources over HTTP
Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
GHSA-G2PF-QJGF-6FW3 Downloads Resources over HTTP in openframe-glslviewer
Affected versions of openframe-glslviewer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...
openframe (>=0.1.6 <=0.1.33) potentially affected by CVE-2016-10607 via openframe-glslviewer (=0.1.9)
openframe-glslviewer NPM version =0.1.9 is affected by a known vulnerability. The following packages have a transitive dependency on openframe-glslviewer and may be impacted: - openframe =0.1.6, =0.1.33 Source cves: CVE-2016-10607 Source advisory: OSV:GHSA-G2PF-QJGF-6FW3...
Downloads Resources over HTTP in openframe-glslviewer
Affected versions of openframe-glslviewer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution ...
openframe-asciii-image module code execution vulnerability
The openframe-ascii-image module is an extension to the Openframe format that displays static images rendered in ASCLL format via fim. A security vulnerability exists in the openframe-asciii-image module, which is caused by a program downloading a binary file over an unencrypted HTTP connection. ...
CVE-2016-10690
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
CVE-2016-10690
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
Remote code execution
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
CVE-2016-10690
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...
CVE-2016-10690
The CVE-2016-10690 entry relates to openframe-ascii-image, an Openframe plugin that loads resources over HTTP. Connected advisories (GHSA-XJ6F-X7JM-85FF and OSV/NVD entries) confirm the root cause: insecure HTTP downloads of a binary/executable, enabling a man-in-the-middle attack where an attack...
Man-in-the-Middle (MitM)
openframe-image is vulnerable to man-in-the-middle MitM attack. This is possible because it does not prevent downloading of executables via HTTP if the attacker is on the network or positioned in between the user and the remote server. Consequently, it may potentially cause remote code execution...
Man-in-the-Middle (MitM)
openframe-glsviewer is vulnerable to man-in-the-middle MitM attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is ...
CVE-2016-10616
openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...