Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10626 | 1 Mystem3 Project | 1 Mystem3 | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10559 | 1 Groupon | 1 Selenium-download | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10567 | 1 Product-monitor Project | 1 Product-monitor | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10578 | 1 Unicode Project | 1 Unicode | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10638 | 1 Js-given Project | 1 Js-given | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| js-given is a JavaScript frontend to jgiven. js-given downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10562 | 1 Iedriver Project | 1 Iedriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10607 | 1 Openframe-glslviewer Project | 1 Openframe-glslviewer | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10622 | 1 Nodeschnaps Project | 1 Nodeschnaps | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10624 | 1 Selenium-chromedriver Project | 1 Selenium-chromedriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10558 | 1 Aerospike | 1 Aerospike | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10619 | 1 Pennyworth Project | 1 Pennyworth | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10641 | 1 Node-bsdiff-android Project | 1 Node-bsdiff-android | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10582 | 1 Closurecompiler Project | 1 Closurecompiler | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10620 | 1 Atom-node-module-installer Project | 1 Atom-node-module-installer | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10672 | 1 Cloudpub-redis Project | 1 Cloudpub-redis | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10573 | 1 Baryton-saxophone Project | 1 Baryton-saxophone | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10594 | 1 Ipip Project | 1 Ipip | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10598 | 1 Arrayfire-js Project | 1 Arrayfire-js | 2019-10-09 | 8.5 HIGH | 7.5 HIGH |
| arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10613 | 1 Bionode | 1 Bionode-sra | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10657 | 1 Co-cli-installer Project | 1 Co-cli-installer | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||