Total
2463 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10653 | 1 Xd-testing Project | 1 Xd-testing | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10559 | 1 Groupon | 1 Selenium-download | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10579 | 1 Chromedriver Project | 1 Chromedriver | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10530 | 1 Airbrake | 1 Airbrake | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could be on the same network as a regular user and intercept all the secret keys the user is sending. This goes against common best practice, which is to use HTTPS. | |||||
CVE-2013-3017 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353. | |||||
CVE-2016-10568 | 1 Geoip-lite-country Project | 1 Geoip-lite-country | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
CVE-2016-10646 | 1 Resourcehacker Project | 1 Resourcehacker | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2011-4190 | 1 Suse | 2 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files). | |||||
CVE-2016-10691 | 1 Windows-seleniumjar Project | 1 Windows-seleniumjar | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10607 | 1 Openframe-glslviewer Project | 1 Openframe-glslviewer | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10565 | 1 Cnpmjs | 1 Operadriver | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10665 | 1 Herbivore Project | 1 Herbivore | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10657 | 1 Co-cli-installer Project | 1 Co-cli-installer | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10637 | 1 Haxe | 1 Haxe-dev | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10581 | 1 Appgyver | 1 Steroids | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10675 | 1 Libsbmlsim Project | 1 Libsbmlsim | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10633 | 1 Dwebp-bin Project | 1 Dwebp-bin | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10673 | 1 Ipip | 1 Ipip-coffee | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application. | |||||
CVE-2016-10688 | 1 Haxe | 1 Haxe | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10644 | 1 Slimerjs-edge Project | 1 Slimerjs-edge | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. |