Lucene search
K

17 matches found

OSV
OSV
added 2025/09/25 5:51 p.m.7 views

CLSA-2025-1758822697 perl-CPAN: Fix of 2 CVEs

CVE-2023-31484: verify TLS certificates when downloading distributions over HTTPS - CVE-2020-16156: fix Signature Verification Bypass...

8.1CVSS5.8AI score0.01548EPSS
Exploits2References1
SUSE CVE
SUSE CVE
added 2023/05/03 2:29 a.m.4 views

SUSE CVE-2023-31484

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...

7.4CVSS8.4AI score0.01548EPSS
Exploits1References82
OSV
OSV
added 2023/04/29 12:15 a.m.5 views

DEBIAN-CVE-2023-31484

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS...

8.1CVSS7.7AI score0.01548EPSS
Exploits1References1
OSV
OSV
added 2019/06/05 7:29 p.m.4 views

CVE-2019-6800

In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands...

7.5CVSS7.2AI score0.013EPSS
Exploits1References2
OSV
OSV
added 2019/02/18 11:51 p.m.1 views

GHSA-C4QP-H3M6-785F ibm_db downloads Resources over HTTP

Affected versions of ibmdb insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of...

8.1CVSS6.1AI score0.01546EPSS
Exploits0References4
OSV
OSV
added 2019/02/18 11:50 p.m.3 views

GHSA-5W4P-H4GM-3W26 Downloads Resources over HTTP in jser-stat

Affected versions of jser-stat insecurely downloads resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavio...

8.1CVSS6.1AI score0.00644EPSS
Exploits0References4
OSV
OSV
added 2019/02/18 11:33 p.m.17 views

GHSA-6JX3-RQCX-G3WW Downloads Resources over HTTP in air-sdk

Affected versions of air-sdk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

9.3CVSS7.5AI score0.01752EPSS
Exploits0References3
OSV
OSV
added 2018/06/04 4:29 p.m.4 views

CVE-2016-10683

arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote...

8.1CVSS6.3AI score0.01682EPSS
Exploits0References1
OSV
OSV
added 2018/06/04 4:29 p.m.3 views

CVE-2016-10675

libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the...

8.1CVSS6.3AI score0.02021EPSS
Exploits0References1
OSV
OSV
added 2018/06/04 4:29 p.m.3 views

CVE-2016-10652

prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

8.1CVSS5.8AI score0.00546EPSS
Exploits0References1
OSV
OSV
added 2018/06/01 6:29 p.m.4 views

CVE-2016-10625

headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested...

8.1CVSS6.3AI score0.01682EPSS
Exploits0References1
OSV
OSV
added 2018/06/01 6:29 p.m.4 views

CVE-2016-10596

imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested tarball with an attacker controlled tarball if t...

8.1CVSS6.3AI score0.01069EPSS
Exploits0References1
OSV
OSV
added 2018/06/01 6:29 p.m.4 views

CVE-2016-10580

nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the...

8.1CVSS6.3AI score0.01682EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/31 12:0 a.m.1 views

install-nw code execution vulnerability (CNVD-2018-10902)

install-nw is a tool for installing and caching NW.j modules. A security vulnerability exists in versions prior to install-nw 1.1.5, which originates when a program downloads JavaScript resources over the HTTP protocol. A remote attacker can exploit the vulnerability by replacing the requested...

9.3CVSS7.1AI score0.01682EPSS
Exploits0References1
OSV
OSV
added 2018/05/29 8:29 p.m.4 views

CVE-2016-10682

massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between th...

8.1CVSS6.3AI score0.01682EPSS
Exploits0References1
OSV
OSV
added 2018/05/29 8:29 p.m.4 views

CVE-2016-10666

tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker i...

8.1CVSS6.3AI score0.01682EPSS
Exploits0References1
Saint
Saint
added 2015/12/28 12:0 a.m.40 views

FireEye MPS JAR analyzer command execution

Added: 12/28/2015 BID: 78809 Background The FireEye Malware Protection System MPS detects and eliminates malware found on file shares, web downloads, and e-mail. Problem A vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR...

7.6AI score
Exploits0
Rows per page
Query Builder