Lucene search
K

16 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.2 views

SUSE CVE-2015-1288

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...

6.8CVSS9.5AI score0.01079EPSS
Exploits0References4
OSV
OSV
added 2019/02/18 11:57 p.m.3 views

GHSA-4PF7-579W-F4GM dwebp-bin downloads Resources over HTTP

Affected versions of dwebp-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...

8.1CVSS6.3AI score0.01752EPSS
Exploits0References4
OSV
OSV
added 2019/02/18 11:47 p.m.1 views

GHSA-CVX3-PQMJ-X57X scalajs-standalone-bin Downloads Resources over HTTP

Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...

9.3CVSS6.3AI score0.01752EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2019/02/18 11:44 p.m.23 views

Downloads Resources over HTTP in soci

Affected versions of soci insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

9.3CVSS5.7AI score0.01682EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/06/15 12:0 a.m.3 views

Unspecified vulnerability in fis-sass-all

fis-sass-all is a package for implementing Sass compilation in Node.js. A security vulnerability exists in fis-sass-all, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response...

9.3CVSS8.1AI score0.02104EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.4 views

windows-seleniumjar-mirror remote code execution vulnerability

windows-seleniumjar-mirror is a package for downloading selenium jar files. A security vulnerability exists in windows-seleniumjar-mirror, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by...

9.3CVSS8.2AI score0.01682EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.1 views

fis-parser-sass-bin remote code execution vulnerability

fis-parser-sass-bin is a fis-based plugin for compiling sass using node-sass-binaries. A security vulnerability exists in fis-parser-sass-bin, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by...

9.3CVSS8.1AI score0.01682EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.2 views

tomita Remote Code Execution Vulnerability

tomita is a parser that can extract structured data from natural language text. A security vulnerability exists in tomita that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response...

9.3CVSS8.2AI score0.01682EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.3 views

windows-selenium-chromedriver remote code execution vulnerability

windows-selenium-chromedriver is a package for downloading and installing the chromedriver server. A security vulnerability exists in windows-selenium-chromedriver, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.3 views

haxeshim code execution vulnerability

haxeshim is a package for managing multiple versions of Haxe simultaneously. A security vulnerability exists in haxeshim that originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response and...

9.3CVSS8.2AI score0.02733EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.2 views

pm2-kafka code execution vulnerability

pm2-kafka is a PM2 module for installing and running a kafka server. A security vulnerability exists in pm2-kafka that originates when a program downloads a binary file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing...

9.3CVSS8.2AI score0.01752EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.3 views

react-native-baidu-voice-synthesizer code execution vulnerability

react-native-baidu-voice-synthesizer is a speech synthesizer for use in Node.js. A security vulnerability exists in react-native-baidu-voice-synthesizer, which originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerabilit...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.3 views

arcanist Remote Code Execution Vulnerability

arcanist is a package for installing arcanist in phabricator. A security vulnerability exists in arcanist that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing t...

9.3CVSS8.1AI score0.01682EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.3 views

rs-brightcove remote code execution vulnerability

rs-brightcove is a set of wrapper tools for the brightcove web API. A security vulnerability exists in rs-brightcove, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response an...

9.3CVSS8.1AI score0.01752EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/31 12:0 a.m.4 views

Windows-build-tools Code Execution Vulnerability

windows-build-tools is a tool for building native node compiled modules in Windows. A security vulnerability exists in windows-build-tools versions prior to 1.0.0, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the...

9.3CVSS7.1AI score0.0228EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/07/27 9:8 a.m.3 views

chromium-browser: Spell checking dictionaries fetched over HTTP in unspecified

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...

6.8CVSS7.5AI score0.01079EPSS
Exploits0References5
Rows per page
Query Builder