Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10694 | 1 Alto-saxophone Project | 1 Alto-saxophone | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10691 | 1 Windows-seleniumjar Project | 1 Windows-seleniumjar | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| windows-seleniumjar is a module that downloads the Selenium Jar file. windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10693 | 1 Pm2-kafka Project | 1 Pm2-kafka | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| pm2-kafka is a PM2 module that installs and runs a kafka server. pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10690 | 1 Openframe-ascii-image Project | 1 Openframe-ascii-image | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10689 | 1 Windows-iedriver Project | 1 Windows-iedriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| The windows-iedriver module downloads a fixed version of iedriverserver.exe. windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10687 | 1 Windows-selenium-chromedriver Project | 1 Windows-selenium-chromedriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10686 | 1 Fis-sass-all Project | 1 Fis-sass-all | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10685 | 1 Pk-app-wonderbox Project | 1 Pk-app-wonderbox | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| pk-app-wonderbox is an integration with wonderbox. pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10684 | 1 Healthcenter Project | 1 Healthcenter | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| healthcenter - IBM Monitoring and Diagnostic Tools health Center agent. healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10683 | 1 Hujiang | 1 Arcanist | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10590 | 1 Cue-sdk-node Project | 1 Cue-sdk-node | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10634 | 1 Scalajs-standalone-bin Project | 1 Scalajs-standalone-bin | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10591 | 1 Prince Project | 1 Prince | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10592 | 1 Jser-stat Project | 1 Jser-stat | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10635 | 1 Broccoli-closure Project | 1 Broccoli-closure | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10646 | 1 Resourcehacker Project | 1 Resourcehacker | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10617 | 1 Box2d-native Project | 1 Box2d-native | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10674 | 1 Limbus-buildgen Project | 1 Limbus-buildgen | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10603 | 1 Air-sdk Project | 1 Air-sdk | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| air-sdk is an NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10604 | 1 Dalekjs | 1 Dalekjs | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10627 | 1 Scala-bin Project | 1 Scala-bin | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10552 | 1 Infragistics | 1 Igniteui | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. | |||||
| CVE-2016-10626 | 1 Mystem3 Project | 1 Mystem3 | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10625 | 1 Headless-browser-lite Project | 1 Headless-browser-lite | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10620 | 1 Atom-node-module-installer Project | 1 Atom-node-module-installer | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10673 | 1 Ipip | 1 Ipip-coffee | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| ipip-coffee queries geolocation information from IP. ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application. | |||||
| CVE-2016-10647 | 1 Node-air-sdk Project | 1 Node-air-sdk | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10600 | 1 Webrtc | 1 Webrtc-native | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10672 | 1 Cloudpub-redis Project | 1 Cloudpub-redis | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| cloudpub-redis is a module for CloudPub: Redis Backend. cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10671 | 1 Mystem-wrapper Project | 1 Mystem-wrapper | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10670 | 1 Windows-seleniumjar-mirror Project | 1 Windows-seleniumjar-mirror | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| windows-seleniumjar-mirror downloads the Selenium Jar file. windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10594 | 1 Ipip Project | 1 Ipip | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10601 | 1 Uxebu | 1 Webdrvr | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| webdrvr is an npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10636 | 1 Grunt-ccompiler Project | 1 Grunt-ccompiler | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10637 | 1 Haxe | 1 Haxe-dev | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10648 | 1 Marionette-socket-host Project | 1 Marionette-socket-host | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10638 | 1 Js-given Project | 1 Js-given | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10618 | 1 Node-browser Project | 1 Node-browser | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10649 | 1 Frames-compiler Project | 1 Frames-compiler | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10596 | 1 Imageoptim Project | 1 Imageoptim | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10640 | 1 Geohey | 1 Node-thulac | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10641 | 1 Node-bsdiff-android Project | 1 Node-bsdiff-android | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10572 | 1 Mongodb-instance Project | 1 Mongodb-instance | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10642 | 1 Cmake Project | 1 Cmake | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10599 | 1 Node-sauce-connect Project | 1 Node-sauce-connect | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10556 | 1 Sequelizejs | 1 Sequelize | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier, where a malicious user could put `["test", "'); DELETE TestTable WHERE Id = 1 --')"]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)', { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test', '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres, MSSQL, and SQLite, the backslash has no special meaning. This causes the statement to delete whichever Id has a value of 1 in the TestTable table. | |||||
| CVE-2016-10645 | 1 Grunt-images Project | 1 Grunt-images | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10616 | 1 Openframe-image Project | 1 Openframe-image | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10643 | 1 Jstestdriver Project | 1 Jstestdriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10615 | 1 Curses Project | 1 Curses | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
