16 matches found
SUSE CVE-2015-1288
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...
GHSA-4PF7-579W-F4GM dwebp-bin downloads Resources over HTTP
Affected versions of dwebp-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the syst...
GHSA-CVX3-PQMJ-X57X scalajs-standalone-bin Downloads Resources over HTTP
Affected versions of scalajs-standalone-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...
Downloads Resources over HTTP in soci
Affected versions of soci insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...
Unspecified vulnerability in fis-sass-all
fis-sass-all is a package for implementing Sass compilation in Node.js. A security vulnerability exists in fis-sass-all, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response...
windows-seleniumjar-mirror remote code execution vulnerability
windows-seleniumjar-mirror is a package for downloading selenium jar files. A security vulnerability exists in windows-seleniumjar-mirror, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by...
fis-parser-sass-bin remote code execution vulnerability
fis-parser-sass-bin is a fis-based plugin for compiling sass using node-sass-binaries. A security vulnerability exists in fis-parser-sass-bin, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by...
tomita Remote Code Execution Vulnerability
tomita is a parser that can extract structured data from natural language text. A security vulnerability exists in tomita that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response...
windows-selenium-chromedriver remote code execution vulnerability
windows-selenium-chromedriver is a package for downloading and installing the chromedriver server. A security vulnerability exists in windows-selenium-chromedriver, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit...
haxeshim code execution vulnerability
haxeshim is a package for managing multiple versions of Haxe simultaneously. A security vulnerability exists in haxeshim that originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response and...
pm2-kafka code execution vulnerability
pm2-kafka is a PM2 module for installing and running a kafka server. A security vulnerability exists in pm2-kafka that originates when a program downloads a binary file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing...
react-native-baidu-voice-synthesizer code execution vulnerability
react-native-baidu-voice-synthesizer is a speech synthesizer for use in Node.js. A security vulnerability exists in react-native-baidu-voice-synthesizer, which originates when the program downloads a binary file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerabilit...
arcanist Remote Code Execution Vulnerability
arcanist is a package for installing arcanist in phabricator. A security vulnerability exists in arcanist that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the vulnerability by intercepting the response and replacing t...
rs-brightcove remote code execution vulnerability
rs-brightcove is a set of wrapper tools for the brightcove web API. A security vulnerability exists in rs-brightcove, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response an...
Windows-build-tools Code Execution Vulnerability
windows-build-tools is a tool for building native node compiled modules in Windows. A security vulnerability exists in windows-build-tools versions prior to 1.0.0, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker can exploit the...
chromium-browser: Spell checking dictionaries fetched over HTTP in unspecified
The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...