17 matches found
CLSA-2025-1758822697 perl-CPAN: Fix of 2 CVEs
CVE-2023-31484: verify TLS certificates when downloading distributions over HTTPS - CVE-2020-16156: fix Signature Verification Bypass...
SUSE CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...
DEBIAN-CVE-2023-31484
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...
CVE-2019-6800
In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands...
GHSA-C4QP-H3M6-785F ibm_db downloads Resources over HTTP
Affected versions of ibmdb insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of...
GHSA-5W4P-H4GM-3W26 Downloads Resources over HTTP in jser-stat
Affected versions of jser-stat insecurely downloads resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavio...
GHSA-6JX3-RQCX-G3WW Downloads Resources over HTTP in air-sdk
Affected versions of air-sdk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...
CVE-2016-10683
arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote...
CVE-2016-10675
libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the...
CVE-2016-10652
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...
CVE-2016-10625
headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested...
CVE-2016-10596
imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested tarball with an attacker controlled tarball if t...
CVE-2016-10580
nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the...
install-nw code execution vulnerability (CNVD-2018-10902)
install-nw is a tool for installing and caching NW.j modules. A security vulnerability exists in versions prior to install-nw 1.1.5, which originates when a program downloads JavaScript resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested...
CVE-2016-10682
massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between th...
CVE-2016-10666
tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker i...
FireEye MPS JAR analyzer command execution
Added: 12/28/2015 BID: 78809 Background The FireEye Malware Protection System MPS detects and eliminates malware found on file shares, web downloads, and e-mail. Problem A vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR...