Search
Total
206 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10667 | 1 Selenium-portal Project | 1 Selenium-portal | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10668 | 1 Libsbml Project | 1 Libsbml | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10669 | 1 Soci Project | 1 Soci | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10670 | 1 Windows-seleniumjar-mirror Project | 1 Windows-seleniumjar-mirror | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10671 | 1 Mystem-wrapper Project | 1 Mystem-wrapper | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10672 | 1 Cloudpub-redis Project | 1 Cloudpub-redis | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10673 | 1 Ipip | 1 Ipip-coffee | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application. | |||||
| CVE-2016-10674 | 1 Limbus-buildgen Project | 1 Limbus-buildgen | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10662 | 1 Tomita Project | 1 Tomita | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10557 | 1 Appium | 1 Appium-chromedriver | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10558 | 1 Aerospike | 1 Aerospike | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10559 | 1 Groupon | 1 Selenium-download | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10562 | 1 Iedriver Project | 1 Iedriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10563 | 1 Ipfs | 1 Go-ipfs-dep | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise. | |||||
| CVE-2016-10564 | 1 Apk-parser Project | 1 Apk-parser | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10565 | 1 Cnpmjs | 1 Operadriver | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10566 | 1 Install-nw Project | 1 Install-nw | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10576 | 1 Fuseki Project | 1 Fuseki | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10567 | 1 Product-monitor Project | 1 Product-monitor | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10568 | 1 Geoip-lite-country Project | 1 Geoip-lite-country | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10569 | 1 Embedza Project | 1 Embedza | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10570 | 1 Pngcrush-installer Project | 1 Pngcrush-installer | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10571 | 1 Bkjs-wand Project | 1 Bkjs-wand | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10572 | 1 Mongodb-instance Project | 1 Mongodb-instance | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10573 | 1 Baryton-saxophone Project | 1 Baryton-saxophone | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10574 | 1 Apk-parser3 Project | 1 Apk-parser3 | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10575 | 1 Hakatashi | 1 Kindlegen | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10577 | 1 Ibm | 1 Ibm Db | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10578 | 1 Unicode Project | 1 Unicode | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10579 | 1 Chromedriver Project | 1 Chromedriver | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10580 | 1 Nodewebkit Project | 1 Nodewebkit | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10581 | 1 Appgyver | 1 Steroids | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10582 | 1 Closurecompiler Project | 1 Closurecompiler | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10584 | 1 Dalekjs | 1 Dalekjs | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10585 | 1 Libxl Project | 1 Libxl | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10602 | 1 Haxe | 1 Haxe | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10586 | 1 Macacajs | 1 Macaca-chromedriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10587 | 1 Wasdk Project | 1 Wasdk | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10588 | 1 Nwjs | 1 Nw | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10589 | 1 Spunjs | 1 Selenium-binaries | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10590 | 1 Cue-sdk-node Project | 1 Cue-sdk-node | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10591 | 1 Prince Project | 1 Prince | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10592 | 1 Jser-stat Project | 1 Jser-stat | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10603 | 1 Air-sdk Project | 1 Air-sdk | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10604 | 1 Dalekjs | 1 Dalekjs | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10594 | 1 Ipip Project | 1 Ipip | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10596 | 1 Imageoptim Project | 1 Imageoptim | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10598 | 1 Arrayfire-js Project | 1 Arrayfire-js | 2019-10-09 | 8.5 HIGH | 7.5 HIGH |
| arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10599 | 1 Node-sauce-connect Project | 1 Node-sauce-connect | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10600 | 1 Webrtc | 1 Webrtc-native | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||