native-ui-toolkit (>=0.0.1 <=0.0.4), nodehotkey (>=1.0.5 <=2.0.15) +2 more potentially affected by CVE-2016-10608 via robot-js (=2.0.0)

robot-js NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on robot-js and may be impacted: - native-ui-toolkit =0.0.1, =1.0.5, =1.1.0, =1.0.0, =1.0.3 Source cves: CVE-2016-10608 Source advisory: OSV:GHSA-6V7P-J23V-4XMW...

Design/Logic Flaw

Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out th...

CVE-2016-10581

CVE-2016-10581 concerns the Steroids library (PhoneGap on Steroids), which downloads zipped resources over HTTP. The description states this makes it vulnerable to MITM attacks and, if an attacker can position themselves between the user and the server, may allow remote code execution by swapping...

FreeBSD : chromium -- multiple vulnerabilities (330106da-7406-11e1-a1d7-00262d5ed8ee)

Google Chrome Releases reports : 113902 High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. 116162 High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. 116461 High CVE-2011-3051: Use-after-free in CSS cross-fa...