Lucene search
K

9 matches found

OSV
OSV
added 2019/02/18 11:41 p.m.17 views

GHSA-XJ6F-X7JM-85FF openframe-ascii-image downloads Resources over HTTP

Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...

8.1CVSS8.1AI score0.01699EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2019/02/18 11:41 p.m.26 views

openframe-ascii-image downloads Resources over HTTP

Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...

9.3CVSS8.1AI score0.01699EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/06/04 4:29 p.m.20 views

CVE-2016-10690

openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...

9.3CVSS8.4AI score0.01699EPSS
Exploits0References1
OSV
OSV
added 2018/06/04 4:29 p.m.3 views

CVE-2016-10690

openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...

8.1CVSS6.3AI score0.01699EPSS
Exploits0References1
Prion
Prion
added 2018/06/04 4:29 p.m.14 views

Remote code execution

openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...

9.3CVSS8.1AI score0.01699EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/04 4:0 p.m.24 views

CVE-2016-10690

openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an...

8.4AI score0.01699EPSS
Exploits0References1
CVE
CVE
added 2018/06/04 4:0 p.m.54 views

CVE-2016-10690

The CVE-2016-10690 entry relates to openframe-ascii-image, an Openframe plugin that loads resources over HTTP. Connected advisories (GHSA-XJ6F-X7JM-85FF and OSV/NVD entries) confirm the root cause: insecure HTTP downloads of a binary/executable, enabling a man-in-the-middle attack where an attack...

9.3CVSS8.3AI score0.01699EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2017/01/03 8:9 a.m.16 views

Man-in-the-Middle (MitM)

openframe-ascii-image is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, potentially causing a remote code execution RCE vulnerability exploitable by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

9.3CVSS8.2AI score0.01699EPSS
Exploits0References1Affected Software1
Node.js
Node.js
added 2016/12/02 4:59 a.m.38 views

Downloads Resources over HTTP

Overview Affected versions of openframe-ascii-image insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

9.3CVSS6.2AI score0.01699EPSS
Exploits0Affected Software1
Rows per page
Query Builder