Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10676 | 1 Rs-brightcove Project | 1 Rs-brightcove | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10694 | 1 Alto-saxophone Project | 1 Alto-saxophone | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10693 | 1 Pm2-kafka Project | 1 Pm2-kafka | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10677 | 1 Google-closure-tools-latest Project | 1 Google-closure-tools-latest | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10679 | 1 Selenium-standalone-painful Project | 1 Selenium-standalone-painful | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10696 | 1 Windows-latestchromedriver Project | 1 Windows-latestchromedriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10697 | 1 React-native-baidu-voice-synthesizer Project | 1 React-native-baidu-voice-synthesizer | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-2123 | 1 Samba | 1 Samba | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation. | |||||
| CVE-2016-10690 | 1 Openframe-ascii-image Project | 1 Openframe-ascii-image | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10695 | 1 Mapbox | 1 Npm-test-sqlite3-trunk | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10605 | 1 Dalekjs | 1 Dalekjs | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10606 | 1 Grunt-webdriver-qunit Project | 1 Grunt-webdriver-qunit | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10607 | 1 Openframe-glslviewer Project | 1 Openframe-glslviewer | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10608 | 1 Getrobot | 1 Robot-js | 2019-10-09 | 9.3 HIGH | 7.5 HIGH |
| robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10609 | 2 Chromedriver126 Project, Linux | 2 Chromedriver126, Linux Kernel | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10610 | 1 Unicode | 1 Unicode-json | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10611 | 1 Strider-sauce Project | 1 Strider-sauce | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10612 | 1 Dalekjs | 1 Dalekjs | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10629 | 1 Nw-with-arm Project | 1 Nw-with-arm | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10614 | 1 Httpsync Project | 1 Httpsync | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10615 | 1 Curses Project | 1 Curses | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10616 | 1 Openframe-image Project | 1 Openframe-image | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10617 | 1 Box2d-native Project | 1 Box2d-native | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10618 | 1 Node-browser Project | 1 Node-browser | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10639 | 1 Redis-srvr Project | 1 Redis-srvr | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10660 | 1 Fis-parser-sass-bin Project | 1 Fis-parser-sass-bin | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10659 | 1 Macchina | 1 Poco | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10662 | 1 Tomita Project | 1 Tomita | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10664 | 1 Mystem Project | 1 Mystem | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10665 | 1 Herbivore Project | 1 Herbivore | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10666 | 1 Yandex | 1 Tomita-parser | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10667 | 1 Selenium-portal Project | 1 Selenium-portal | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10668 | 1 Libsbml Project | 1 Libsbml | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10669 | 1 Soci Project | 1 Soci | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10670 | 1 Windows-seleniumjar-mirror Project | 1 Windows-seleniumjar-mirror | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10657 | 1 Co-cli-installer Project | 1 Co-cli-installer | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10637 | 1 Haxe | 1 Haxe-dev | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10638 | 1 Js-given Project | 1 Js-given | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10649 | 1 Frames-compiler Project | 1 Frames-compiler | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10671 | 1 Mystem-wrapper Project | 1 Mystem-wrapper | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10672 | 1 Cloudpub-redis Project | 1 Cloudpub-redis | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10640 | 1 Geohey | 1 Node-thulac | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10641 | 1 Node-bsdiff-android Project | 1 Node-bsdiff-android | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10642 | 1 Cmake Project | 1 Cmake | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10643 | 1 Jstestdriver Project | 1 Jstestdriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10673 | 1 Ipip | 1 Ipip-coffee | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application. | |||||
| CVE-2016-10656 | 1 Qbs Project | 1 Qbs | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10674 | 1 Limbus-buildgen Project | 1 Limbus-buildgen | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10655 | 1 Clang-extra Project | 1 Clang-extra | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10654 | 1 Sfml Project | 1 Sfml | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||