CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/10/07 12:30 a.m.•3 views

Exploits0References5

EUVD-2019-0247

Malware in sbrugna...

OSV•added 2019/02/18 11:54 p.m.•20 views

Exploits0References5

GHSA-722Q-3G9X-VP8Q Downloads Resources over HTTP in tomita-parser

Affected versions of tomita-parser insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

Github Security Blog•added 2019/02/18 11:54 p.m.•19 views

Exploits0References3

Downloads Resources over HTTP in tomita-parser

9.3CVSS6AI score0.00735EPSS

Exploits0References3Affected Software1

CNVD•added 2018/06/15 12:0 a.m.•1 views

tomita Remote Code Execution Vulnerability

tomita is a parser that can extract structured data from natural language text. A security vulnerability exists in tomita that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response...

9.3CVSS8.2AI score0.00735EPSS

Prion•added 2018/06/04 4:29 p.m.•4 views

Remote code execution

tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the netwo...

9.3CVSS8AI score0.00735EPSS

Cvelist•added 2018/06/04 4:0 p.m.•10 views

CVE-2016-10662

8.3AI score0.00735EPSS

CVE•added 2018/06/04 4:0 p.m.•39 views

CVE-2016-10662

CVE-2016-10662 affects the tomita node wrapper for Yandex Tomita Parser. The vulnerability arises because tomita downloads binary resources over HTTP, allowing a network-positioned attacker to perform a MITM and replace the resource with a malicious binary, potentially leading to remote code exec...

9.3CVSS8.3AI score0.00735EPSS

CNVD•added 2018/05/31 12:0 a.m.•3 views

tomita-parser file download vulnerability

tomita-parser is a tool that provides structured data from natural language text. A file download vulnerability exists in tomita-parser that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by...

Veracode•added 2018/05/30 2:22 a.m.•22 views

Man-in-the-Middle (MitM)

tomita-parser is vulnerable to man-in-the-middle MitM attacks. This is because the application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attack...

8.1CVSS8.3AI score0.00735EPSS

NVD•added 2018/05/29 8:29 p.m.•15 views

CVE-2016-10666

tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker i...

9.3CVSS8.3AI score0.00735EPSS

OSV•added 2018/05/29 8:29 p.m.•1 views

CVE-2016-10666

8.1CVSS6.3AI score

Prion•added 2018/05/29 8:29 p.m.•13 views

Remote code execution

9.3CVSS8AI score0.00735EPSS

Cvelist•added 2018/05/29 8:0 p.m.•18 views

CVE-2016-10666

8.3AI score0.00735EPSS

CVE•added 2018/05/29 8:0 p.m.•58 views

CVE-2016-10666

CVE-2016-10666 affects the Node wrapper for Yandex Tomita Parser, tomita-parser, which downloads binary resources over HTTP. This creates a man-in-the-middle (MitM) risk: an attacker on the network can intercept the HTTP response and swap the executable with a malicious one, potentially leading t...

9.3CVSS8.3AI score0.00735EPSS