Lucene search
K

8 matches found

Github Security Blog
Github Security Blog
added 2019/02/18 11:42 p.m.19 views

Downloads Resources over HTTP in rs-brightcove

Affected versions of rs-brightcove insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3CVSS6.4AI score0.01752EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/02/18 11:42 p.m.15 views

GHSA-3W76-X94R-PW44 Downloads Resources over HTTP in rs-brightcove

Affected versions of rs-brightcove insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References3
CNVD
CNVD
added 2018/06/15 12:0 a.m.3 views

rs-brightcove remote code execution vulnerability

rs-brightcove is a set of wrapper tools for the brightcove web API. A security vulnerability exists in rs-brightcove, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response an...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References1
NVD
NVD
added 2018/06/04 4:29 p.m.16 views

CVE-2016-10676

rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacke...

9.3CVSS8.3AI score0.01752EPSS
Exploits0References1
OSV
OSV
added 2018/06/04 4:29 p.m.6 views

CVE-2016-10676

rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacke...

8.1CVSS6.3AI score0.01752EPSS
Exploits0References1
CVE
CVE
added 2018/06/04 4:0 p.m.44 views

CVE-2016-10676

The CVE refers to rs-brightcove, a wrapper around Brightcove’s web API. The issue is that rs-brightcove downloads resources over HTTP and can be manipulated by an attacker with a privileged network position, potentially replacing a downloaded executable and causing remote code execution on the ho...

9.3CVSS8.3AI score0.01752EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/04 4:0 p.m.20 views

CVE-2016-10676

rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacke...

8.3AI score0.01752EPSS
Exploits0References1
Node.js
Node.js
added 2016/12/02 1:33 a.m.33 views

Downloads Resources over HTTP

Overview Affected versions of rs-brightcove insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

9.3CVSS6.2AI score0.01752EPSS
Exploits0Affected Software1
Rows per page
Query Builder