Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-0276

Malware in sbrugna...

9.3CVSS8AI score0.01752EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2019/02/18 11:50 p.m.23 views

Downloads Resources over HTTP in imageoptim

imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested tarball with an attacker controlled tarball if t...

8.1CVSS1.6AI score0.01069EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/06/01 6:29 p.m.14 views

Remote code execution

nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server...

9.3CVSS8.1AI score0.01756EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/06/01 6:29 p.m.3 views

CVE-2016-10581

Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out th...

8.1CVSS6.3AI score0.01682EPSS
Exploits0References1
Prion
Prion
added 2018/06/01 6:29 p.m.13 views

Design/Logic Flaw

haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...

9.3CVSS8AI score0.01682EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/06/01 6:0 p.m.72 views

CVE-2016-10602

CVE-2016-10602 affects the cross-platform toolkit haxe . The issue occurs because haxe downloads zipped resources over HTTP, exposing users to man-in-the-middle (MITM) attacks. An attacker on the network could swap the requested zip with a malicious one, potentially leading to remote code executi...

9.3CVSS8.2AI score0.01682EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2018/05/30 6:13 a.m.21 views

Man In The Middle (MitM)

prince is vulnerable to man-in-the-middle MitM attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zipped file with an attacker controlled zipped file if the attacker is on the...

8.1CVSS8.3AI score0.01752EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/05/29 8:29 p.m.17 views

Remote code execution

Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince1 CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested tarball with an attacker controlled...

9.3CVSS8AI score0.01752EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2017/01/04 3:16 a.m.20 views

Man In The Middle (MitM)

haxe is vulnerable to man-in-the-middle MitM attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zipped file with an attacker controlled zipped file if the attacker is on the...

9.3CVSS8.3AI score0.01682EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2017/01/04 3:2 a.m.12 views

Man In The Middle (MitM)

ipip is vulnerable to man-in-the-middle MitM attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zipped file with an attacker controlled zipped file if the attacker is on the...

8.1CVSS8.3AI score0.00578EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2016/12/20 6:28 a.m.18 views

Man In The Middle (MitM)

nw is vulnerable to man-in-the-middle MitM attacks. This is because the library downloads zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or...

9.3CVSS8.3AI score0.01756EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder