Total: 2463 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10557 | 1 Appium | 1 Appium-chromedriver | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10639 | 1 Redis-srvr Project | 1 Redis-srvr | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10725 | 1 Bitcoin | 3 Bitcoin-qt, Bitcoin Core, Bitcoind | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavior occurs in the remote network alert system (deprecated since Q1 2016). This affects other uses of the codebase, such as Bitcoin Knots before v0.13.0.knots20160814 and many altcoins. | |||||
CVE-2016-10577 | 1 Ibm | 1 Ibm Db | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10694 | 1 Alto-saxophone Project | 1 Alto-saxophone | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10598 | 1 Arrayfire-js Project | 1 Arrayfire-js | 2023-12-10 | 8.5 HIGH | 7.5 HIGH |
arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10659 | 1 Macchina | 1 Poco | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
poco (The POCO libraries) downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10602 | 1 Haxe | 1 Haxe | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
haxe is a cross-platform toolkit. haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10564 | 1 Apk-parser Project | 1 Apk-parser | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10690 | 1 Openframe-ascii-image Project | 1 Openframe-ascii-image | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10652 | 1 Prebuild-lwip Project | 1 Prebuild-lwip | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
prebuild-lwip is a module for comprehensive, fast, and simple image processing and manipulation. prebuild-lwip downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
CVE-2016-10572 | 1 Mongodb-instance Project | 1 Mongodb-instance | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10600 | 1 Webrtc | 1 Webrtc-native | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10592 | 1 Jser-stat Project | 1 Jser-stat | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
CVE-2016-10596 | 1 Imageoptim Project | 1 Imageoptim | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
imageoptim is a Node.js wrapper for some image compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10671 | 1 Mystem-wrapper Project | 1 Mystem-wrapper | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10647 | 1 Node-air-sdk Project | 1 Node-air-sdk | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10641 | 1 Node-bsdiff-android Project | 1 Node-bsdiff-android | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
CVE-2016-10570 | 1 Pngcrush-installer Project | 1 Pngcrush-installer | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2015-5039 | 1 Ibm | 1 Rational Clearcase | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715. |