Total
2463 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10589 | 1 Spunjs | 1 Selenium-binaries | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10604 | 1 Dalekjs | 1 Dalekjs | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10606 | 1 Grunt-webdriver-qunit Project | 1 Grunt-webdriver-qunit | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10645 | 1 Grunt-images Project | 1 Grunt-images | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10651 | 1 Webdriver-launcher Project | 1 Webdriver-launcher | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10574 | 1 Apk-parser3 Project | 1 Apk-parser3 | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10578 | 1 Unicode Project | 1 Unicode | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
unicode loads unicode data downloaded from unicode.org into nodejs. Unicode before 9.0.0 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
CVE-2016-10676 | 1 Rs-brightcove Project | 1 Rs-brightcove | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10609 | 2 Chromedriver126 Project, Linux | 2 Chromedriver126, Linux Kernel | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10680 | 1 Adamvr-geoip-lite Project | 1 Adamvr-geoip-lite | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an application using this data. | |||||
CVE-2016-10655 | 1 Clang-extra Project | 1 Clang-extra | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
The clang-extra module installs LLVM's clang-extra tools. clang-extra downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10558 | 1 Aerospike | 1 Aerospike | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10642 | 1 Cmake Project | 1 Cmake | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10677 | 1 Google-closure-tools-latest Project | 1 Google-closure-tools-latest | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10613 | 1 Bionode | 1 Bionode-sra | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. | |||||
CVE-2016-10678 | 1 Serc.js Project | 1 Serc.js | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-1000343 | 2 Bouncycastle, Debian | 2 Legion-of-the-bouncy-castle-java-crytography-api, Debian Linux | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator. | |||||
CVE-2016-10608 | 1 Getrobot | 1 Robot-js | 2023-12-10 | 9.3 HIGH | 7.5 HIGH |
robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10667 | 1 Selenium-portal Project | 1 Selenium-portal | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
CVE-2016-10610 | 1 Unicode | 1 Unicode-json | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. |