CVE-2016-10634

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacke...

CVE-2016-10618

node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

CVE-2016-10613

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

CVE-2016-10599

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping o...

Remote code execution

selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacke...

Remote code execution

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacke...

Design/Logic Flaw

node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks...

CVE-2016-10596

imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested tarball with an attacker controlled tarball if t...

CVE-2016-10575

Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker...

CVE-2016-10576

The CVE-2016-10576 entry affects the Fuseki server wrapper and management API in Fuseki prior to 1.0.1. The issue arises because it downloads binary resources over HTTP, making it susceptible to MITM attacks. An attacker on the network or positioned between the user and the remote server could sw...

CVE-2016-10628

CVE-2016-10628 affects selenium-wrapper, a Selenium server wrapper for installation and Chrome WebDriver. The issue arises because it downloads binary resources over HTTP, enabling a Man-in-the-Middle (MITM) attacker to intercept and potentially swap the binary with a malicious one, which could l...

CVE-2016-10634

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacke...

CVE-2016-10623

CVE-2016-10623 affects the Node.js wrapper macaca-chromedriver-zxa. The component downloads binary resources over HTTP, creating a MITM risk where an attacker on the network could replace the binary and cause remote code execution. Mitigation from advisories: force HTTPS by setting CHROMEDRIVER_C...

CVE-2016-10618

node-browser is vulnerable to MITM because it downloads resources over HTTP, allowing an attacker on a privileged network to modify or read resources and potentially achieve remote code execution. The advisories note no patch is available and recommend avoiding the package or limiting use on publ...

CVE-2016-10628

selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacke...

CVE-2016-10603

air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network...

CVE-2016-10575

CVE-2016-10575 affects the kindlegen Node.js wrapper. Versions before 1.1.0 download binary resources over HTTP, which makes them vulnerable to man‑in‑the‑middle attacks. An attacker on the network or between the user and the remote server could swap the requested binary with a malicious one, pot...

CVE-2016-10560

galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled...

CVE-2016-10557

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...

Remote code execution

appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...