11231 matches found
CVE-2016-10645
grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on...
CVE-2016-10670
windows-seleniumjar-mirror downloads the Selenium Jar file. windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if...
CVE-2016-10678
CVE-2016-10678 involves the serc.js Selenium RC process wrapper, which downloads binary resources over HTTP. The underlying issue is that unencrypted HTTP allows an attacker with a privileged network position to perform a MITM and swap the requested binary with a malicious copy, potentially enabl...
CVE-2016-10644
CVE-2016-10644 relates to the npm wrapper slimerjs-edge, which downloads binary resources over HTTP. The core vulnerability is a MITM risk: an attacker on the network could intercept the HTTP response and substitute the requested binary with a malicious one, potentially enabling remote code exec...
CVE-2016-10683
arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the network or positioned in between the user and the remote...
CVE-2016-10686
CVE-2016-10686 affects the node wrapper fis-sass-all for libsass, where binary resources are downloaded over HTTP. The underlying issue enables a man-in-the-middle scenario: an attacker with network position can intercept the HTTP response and replace the requested executable with a malicious cop...
CVE-2016-10668
CVE-2016-10668 affects libsbml, where the installer downloads Linux binaries/resources over unencrypted HTTP, creating a MITM risk. An attacker on the network or in a position between the user and the remote server could swap requested resources with a malicious copy, potentially causing remote c...
CVE-2016-10657
CVE-2016-10657 concerns the co-cli-installer, which downloads the co-cli module over HTTP. The underlying issue is unencrypted HTTP delivery of a binary/executable, enabling a man-in-the-middle attack where an attacker on the network could swap the downloaded resource, potentially leading to remo...
CVE-2016-10647
The CVE-2016-10647 issue affects node-air-sdk, an AIR SDK for Node.js, which downloads binary resources over HTTP. This creates a MITM risk that could allow an attacker in a privileged network position to replace the requested binary with a malicious one, potentially leading to remote code execut...
CVE-2016-10646
CVE-2016-10646 affects the Node wrapper resourcehacker, which downloads binary resources over HTTP. The underlying issue is insecure HTTP delivery, enabling MITM attackers to intercept the response and replace the requested binary with attacker-controlled code, potentially leading to remote code ...
CVE-2016-10640
node-thulac, a Node binding for thulac, downloads binary resources over HTTP, making it vulnerable to MITM attacks. The available sources (NVD/NPM advisory/GHSA/OSV) describe potential remote code execution if an attacker on the network swaps the requested binary with a malicious one. Affected ve...
CVE-2016-10690
The CVE-2016-10690 entry relates to openframe-ascii-image, an Openframe plugin that loads resources over HTTP. Connected advisories (GHSA-XJ6F-X7JM-85FF and OSV/NVD entries) confirm the root cause: insecure HTTP downloads of a binary/executable, enabling a man-in-the-middle attack where an attack...
CVE-2016-10687
CVE-2016-10687 affects the windows-selenium-chromedriver module, which downloads binary resources over HTTP. This enables MITM attackers with network access to swap resources, potentially leading to remote code execution on the affected system. No patch is provided in the linked advisories; remed...
CVE-2016-10670
The CVE-2016-10670 issue affects the windows-seleniumjar-mirror package, which downloads the Selenium Jar over HTTP. The underlying risk is a MITM attacker between the user and the remote server, who could swap the downloaded resource with a malicious executable, potentially leading to remote co...
CVE-2016-10667
CVE-2016-10667 affects the Node.js/selenium-portal package: it downloads binary resources over HTTP, leaving it vulnerable to a network-based MITM that could swap the requested resource with a malicious copy and cause remote code execution. The incident is documented across multiple feeds (NVD, G...
CVE-2016-10664
The CVE-2016-10664 issue affects the mystem Node.js wrapper for Yandex MyStem, where binary resources are downloaded over HTTP. This enables a MITM attacker with network access to swap the requested binary for a malicious one, potentially causing remote code execution on the host. The affected be...
CVE-2016-10663
CVE-2016-10663 affects wixtoolset (Node wrapper around wixtoolset binaries): it downloads binary resources over HTTP, enabling MITM modification of the requested file and potentially remote code execution. Descriptions across multiple sources confirm the root cause is unencrypted HTTP downloads t...
CVE-2016-10639
CVE-2016-10639 affects the npm wrapper redis-srvr, which downloads binary resources over HTTP. The underlying issue is unencrypted HTTP downloads that allow a network-positioned attacker to intercept and swap the requested binary, potentially enabling remote code execution on the host running re...
CVE-2016-10662
CVE-2016-10662 affects the tomita node wrapper for Yandex Tomita Parser. The vulnerability arises because tomita downloads binary resources over HTTP, allowing a network-positioned attacker to perform a MITM and replace the resource with a malicious binary, potentially leading to remote code exec...
CVE-2016-10665
CVE-2016-10665 affects the herbivore library (built on libtins) where binary resources are downloaded over HTTP (versions around 0.0.3 and below). The underlying issue is insecure HTTP fetching, which enables a man-in-the-middle (MITM) interception and substitution of requested binaries, with poten...