Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2123 | 1 Samba | 1 Samba | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation. | |||||
| CVE-2016-10687 | 1 Windows-selenium-chromedriver Project | 1 Windows-selenium-chromedriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10681 | 1 Robotwebtools | 1 Roslibjs | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10678 | 1 Serc.js Project | 1 Serc.js | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10675 | 1 Libsbmlsim Project | 1 Libsbmlsim | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10676 | 1 Rs-brightcove Project | 1 Rs-brightcove | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10677 | 1 Google-closure-tools-latest Project | 1 Google-closure-tools-latest | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-1587 | 1 Snapweb | 1 Snapweb | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Snapweb interface before version 0.21.2 was exposing controls to install or remove snap packages without controlling the identity of the user, nor the origin of the connection. An attacker could have used the controls to remotely add a valid, but malicious, snap package, from the Store, potentially using system resources without permission from the legitimate administrator of the system. | |||||
| CVE-2016-1586 | 1 Oxide Project | 1 Oxide | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A malicious webview could install long-lived unload handlers that re-use an incognito BrowserContext that is queued for destruction in versions of Oxide before 1.18.3. | |||||
| CVE-2016-1261 | 1 Juniper | 1 Junos | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). | |||||
| CVE-2016-10573 | 1 Baryton-saxophone Project | 1 Baryton-saxophone | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10571 | 1 Bkjs-wand Project | 1 Bkjs-wand | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10570 | 1 Pngcrush-installer Project | 1 Pngcrush-installer | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10569 | 1 Embedza Project | 1 Embedza | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10568 | 1 Geoip-lite-country Project | 1 Geoip-lite-country | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10567 | 1 Product-monitor Project | 1 Product-monitor | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10542 | 1 Ws Project | 1 Ws | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier. | |||||
| CVE-2016-10540 | 1 Minimatch Project | 1 Minimatch | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript `RegExp` objects. The primary function, `minimatch(path, pattern)` in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the `pattern` parameter. | |||||
| CVE-2016-10519 | 1 Webtorrent | 1 Bittorrent-dht | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory. | |||||
| CVE-2016-10518 | 1 Ws Project | 1 Ws | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node when you allocate it when a number instead of a string it will allocate the amount of bytes. | |||||
| CVE-2016-10618 | 1 Node-browser Project | 1 Node-browser | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10639 | 1 Redis-srvr Project | 1 Redis-srvr | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10640 | 1 Geohey | 1 Node-thulac | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10641 | 1 Node-bsdiff-android Project | 1 Node-bsdiff-android | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10642 | 1 Cmake Project | 1 Cmake | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10643 | 1 Jstestdriver Project | 1 Jstestdriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10644 | 1 Slimerjs-edge Project | 1 Slimerjs-edge | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10645 | 1 Grunt-images Project | 1 Grunt-images | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10646 | 1 Resourcehacker Project | 1 Resourcehacker | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10647 | 1 Node-air-sdk Project | 1 Node-air-sdk | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10648 | 1 Marionette-socket-host Project | 1 Marionette-socket-host | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10670 | 1 Windows-seleniumjar-mirror Project | 1 Windows-seleniumjar-mirror | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10671 | 1 Mystem-wrapper Project | 1 Mystem-wrapper | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10672 | 1 Cloudpub-redis Project | 1 Cloudpub-redis | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10673 | 1 Ipip | 1 Ipip-coffee | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application. | |||||
| CVE-2016-10674 | 1 Limbus-buildgen Project | 1 Limbus-buildgen | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10617 | 1 Box2d-native Project | 1 Box2d-native | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10596 | 1 Imageoptim Project | 1 Imageoptim | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10594 | 1 Ipip Project | 1 Ipip | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10575 | 1 Hakatashi | 1 Kindlegen | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10574 | 1 Apk-parser3 Project | 1 Apk-parser3 | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10572 | 1 Mongodb-instance Project | 1 Mongodb-instance | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10616 | 1 Openframe-image Project | 1 Openframe-image | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10615 | 1 Curses Project | 1 Curses | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10614 | 1 Httpsync Project | 1 Httpsync | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10601 | 1 Uxebu | 1 Webdrvr | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10600 | 1 Webrtc | 1 Webrtc-native | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10599 | 1 Node-sauce-connect Project | 1 Node-sauce-connect | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10598 | 1 Arrayfire-js Project | 1 Arrayfire-js | 2019-10-09 | 8.5 HIGH | 7.5 HIGH |
| arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10627 | 1 Scala-bin Project | 1 Scala-bin | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||