Security Vulnerabilities - CVEs Published In June 2018
openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
CVSS Score
8.1
EPSS Score
0.002
Published
2018-06-01
box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
CVSS Score
8.1
EPSS Score
0.007
Published
2018-06-01
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
CVSS Score
8.1
EPSS Score
0.002
Published
2018-06-01
pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.
CVSS Score
8.1
EPSS Score
0.002
Published
2018-06-01
atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
CVSS Score
8.1
EPSS Score
0.007
Published
2018-06-01
fibjs is a runtime for javascript applictions built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
CVSS Score
8.1
EPSS Score
0.007
Published
2018-06-01
nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
CVSS Score
8.1
EPSS Score
0.007
Published
2018-06-01
apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
CVSS Score
8.1
EPSS Score
0.007
Published
2018-06-01
Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
CVSS Score
8.1
EPSS Score
0.007
Published
2018-06-01
Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
CVSS Score
8.1
EPSS Score
0.007
Published
2018-06-01