Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10591 | 1 Prince Project | 1 Prince | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10585 | 1 Libxl Project | 1 Libxl | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10565 | 1 Cnpmjs | 1 Operadriver | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10601 | 1 Uxebu | 1 Webdrvr | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10656 | 1 Qbs Project | 1 Qbs | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10633 | 1 Dwebp-bin Project | 1 Dwebp-bin | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10625 | 1 Headless-browser-lite Project | 1 Headless-browser-lite | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10630 | 1 Install-g-test Project | 1 Install-g-test | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10649 | 1 Frames-compiler Project | 1 Frames-compiler | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10570 | 1 Pngcrush-installer Project | 1 Pngcrush-installer | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10614 | 1 Httpsync Project | 1 Httpsync | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10604 | 1 Dalekjs | 1 Dalekjs | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10650 | 1 Shutterstock | 1 Ntfserver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10568 | 1 Geoip-lite-country Project | 1 Geoip-lite-country | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10665 | 1 Herbivore Project | 1 Herbivore | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10666 | 1 Yandex | 1 Tomita-parser | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10637 | 1 Haxe | 1 Haxe-dev | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10572 | 1 Mongodb-instance Project | 1 Mongodb-instance | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10586 | 1 Macacajs | 1 Macaca-chromedriver | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10599 | 1 Node-sauce-connect Project | 1 Node-sauce-connect | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||