Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10577 | 1 Ibm | 1 Ibm Db | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10629 | 1 Nw-with-arm Project | 1 Nw-with-arm | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10618 | 1 Node-browser Project | 1 Node-browser | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10596 | 1 Imageoptim Project | 1 Imageoptim | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10647 | 1 Node-air-sdk Project | 1 Node-air-sdk | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10639 | 1 Redis-srvr Project | 1 Redis-srvr | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10623 | 1 Macaca-chromedriver-zxa Project | 1 Macaca-chromedriver-zxa | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10616 | 1 Openframe-image Project | 1 Openframe-image | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10563 | 1 Ipfs | 1 Go-ipfs-dep | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise. | |||||
| CVE-2016-10588 | 1 Nwjs | 1 Nw | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10589 | 1 Spunjs | 1 Selenium-binaries | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10603 | 1 Air-sdk Project | 1 Air-sdk | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10673 | 1 Ipip | 1 Ipip-coffee | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application. | |||||
| CVE-2016-10667 | 1 Selenium-portal Project | 1 Selenium-portal | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10600 | 1 Webrtc | 1 Webrtc-native | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10584 | 1 Dalekjs | 1 Dalekjs | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10651 | 1 Webdriver-launcher Project | 1 Webdriver-launcher | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10535 | 1 Csrf-lite Project | 1 Csrf-lite | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present. | |||||
| CVE-2016-10590 | 1 Cue-sdk-node Project | 1 Cue-sdk-node | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10654 | 1 Sfml Project | 1 Sfml | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| sfml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||