Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10611 | 1 Strider-sauce Project | 1 Strider-sauce | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10610 | 1 Unicode | 1 Unicode-json | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10609 | 2 Chromedriver126 Project, Linux | 2 Chromedriver126, Linux Kernel | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10608 | 1 Getrobot | 1 Robot-js | 2024-11-21 | 9.3 HIGH | 7.5 HIGH |
| robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10607 | 1 Openframe-glslviewer Project | 1 Openframe-glslviewer | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10606 | 1 Grunt-webdriver-qunit Project | 1 Grunt-webdriver-qunit | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10605 | 1 Dalekjs | 1 Dalekjs | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10604 | 1 Dalekjs | 1 Dalekjs | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10603 | 1 Air-sdk Project | 1 Air-sdk | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10602 | 1 Haxe | 1 Haxe | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10601 | 1 Uxebu | 1 Webdrvr | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10600 | 1 Webrtc | 1 Webrtc-native | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10599 | 1 Node-sauce-connect Project | 1 Node-sauce-connect | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10598 | 1 Arrayfire-js Project | 1 Arrayfire-js | 2024-11-21 | 8.5 HIGH | 7.5 HIGH |
| arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10596 | 1 Imageoptim Project | 1 Imageoptim | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10595 | 1 Jdf-sass Project | 1 Jdf-sass | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10594 | 1 Ipip Project | 1 Ipip | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10593 | 1 Interactivebrokers | 1 Ibapi | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2016-10592 | 1 Jser-stat Project | 1 Jser-stat | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
| CVE-2016-10591 | 1 Prince Project | 1 Prince | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||