Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2016-10570 | First vendor Publication | 2018-05-29 |
Vendor | Cve | Last vendor Modification | 2019-10-09 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 8.1 | ||
Base Score | 8.1 | Environmental Score | 8.1 |
impact SubScore | 5.9 | Temporal Score | 8.1 |
Exploitabality Sub Score | 2.2 | ||
Attack Vector | Network | Attack Complexity | High |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10570 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Sources (Detail)
Source | Url |
---|---|
MISC | https://nodesecurity.io/advisories/189 |
Alert History
Date | Informations |
---|---|
2021-05-04 12:46:09 |
|
2021-04-22 01:58:25 |
|
2020-05-23 00:48:58 |
|
2019-10-10 05:19:32 |
|
2018-07-05 21:19:22 |
|
2018-05-30 00:19:30 |
|