Total
466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10626 | 1 Mystem3 Project | 1 Mystem3 | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10625 | 1 Headless-browser-lite Project | 1 Headless-browser-lite | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10624 | 1 Selenium-chromedriver Project | 1 Selenium-chromedriver | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10623 | 1 Macaca-chromedriver-zxa Project | 1 Macaca-chromedriver-zxa | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10622 | 1 Nodeschnaps Project | 1 Nodeschnaps | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10621 | 1 Fibjs Project | 1 Fibjs | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| fibjs is a runtime for javascript applictions built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10620 | 1 Atom-node-module-installer Project | 1 Atom-node-module-installer | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10619 | 1 Pennyworth Project | 1 Pennyworth | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10618 | 1 Node-browser Project | 1 Node-browser | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10617 | 1 Box2d-native Project | 1 Box2d-native | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10616 | 1 Openframe-image Project | 1 Openframe-image | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10615 | 1 Curses Project | 1 Curses | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10614 | 1 Httpsync Project | 1 Httpsync | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10613 | 1 Bionode | 1 Bionode-sra | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10612 | 1 Dalekjs | 1 Dalekjs | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10611 | 1 Strider-sauce Project | 1 Strider-sauce | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10610 | 1 Unicode | 1 Unicode-json | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10609 | 2 Chromedriver126 Project, Linux | 2 Chromedriver126, Linux Kernel | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10608 | 1 Getrobot | 1 Robot-js | 2024-11-21 | 9.3 HIGH | 7.5 HIGH |
| robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10607 | 1 Openframe-glslviewer Project | 1 Openframe-glslviewer | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||