Total
2470 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10576 | 1 Fuseki Project | 1 Fuseki | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10621 | 1 Fibjs Project | 1 Fibjs | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| fibjs is a runtime for javascript applictions built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10638 | 1 Js-given Project | 1 Js-given | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10651 | 1 Webdriver-launcher Project | 1 Webdriver-launcher | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10601 | 1 Uxebu | 1 Webdrvr | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10573 | 1 Baryton-saxophone Project | 1 Baryton-saxophone | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10610 | 1 Unicode | 1 Unicode-json | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10622 | 1 Nodeschnaps Project | 1 Nodeschnaps | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10649 | 1 Frames-compiler Project | 1 Frames-compiler | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10641 | 1 Node-bsdiff-android Project | 1 Node-bsdiff-android | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10657 | 1 Co-cli-installer Project | 1 Co-cli-installer | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10602 | 1 Haxe | 1 Haxe | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10569 | 1 Embedza Project | 1 Embedza | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10653 | 1 Xd-testing Project | 1 Xd-testing | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10639 | 1 Redis-srvr Project | 1 Redis-srvr | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10565 | 1 Cnpmjs | 1 Operadriver | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10652 | 1 Prebuild-lwip Project | 1 Prebuild-lwip | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10535 | 1 Csrf-lite Project | 1 Csrf-lite | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present. | |||||
| CVE-2016-10635 | 1 Broccoli-closure Project | 1 Broccoli-closure | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10634 | 1 Scalajs-standalone-bin Project | 1 Scalajs-standalone-bin | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||