10 matches found
EUVD-2020-1392
Malware in sbrugna...
GHSA-XQ8R-R72R-PQWM Downloads Resources over HTTP in roslib-socketio
Affected versions of roslib-socketio insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...
Downloads Resources over HTTP in roslib-socketio
Affected versions of roslib-socketio insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...
roslib-socketio code execution vulnerability
roslib-socketio is a ROS Robot Operating System JavaScript support library. A security vulnerability exists in roslib-socketio, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the...
Man-in-the-Middle (MitM)
roslib-socketio are vulnerable to man-in-the-middle MitM attacks. This is because the application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the...
CVE-2016-10681
roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker...
CVE-2016-10681
roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker...
Remote code execution
roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker...
CVE-2016-10681
roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker...
CVE-2016-10681
The CVE-2016-10681 issue affects roslib-socketio. Affected code downloads binary resources over HTTP, enabling MITM interception and, in a network-positioned scenario, potential remote code execution by substituting the requested binary with a malicious one. Public advisories (GHSA-xq8r-r72r-pqwm...