11231 matches found

CVE | added 2018/06/04 4:0 p.m. | 63 views

CVE-2016-10665

CVE-2016-10665 affects the herbivore library (built on libtins) where binary resources are downloaded over HTTP (versions around 0.0.3 and below). The underlying issue is insecure HTTP fetching, which enables man-in-the-middle (MITM) interception and substitution of requested binaries, with poten...

CVSS 9.3 | AI score 8.2 | EPSS 0.02189
Exploits 0 | References 2 | Affected Software 1

Cvelist | added 2018/06/04 4:0 p.m. | 22 views

CVE-2016-10664

mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if th...

AI score 8.3 | EPSS 0.01682
Exploits 0 | References 1

Cvelist | added 2018/06/04 4:0 p.m. | 31 views

CVE-2016-10644

slimerjs-edge is an npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controll...

AI score 8.3 | EPSS 0.01752
Exploits 0 | References 1

Cvelist | added 2018/06/04 4:0 p.m. | 17 views

CVE-2016-10686

fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on the...

AI score 8.4 | EPSS 0.02104
Exploits 0 | References 1

Cvelist | added 2018/06/04 4:0 p.m. | 13 views

CVE-2016-10693

pm2-kafka is a PM2 module that installs and runs a kafka server. pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacke...

AI score 8.3 | EPSS 0.01752
Exploits 0 | References 1

CVE | added 2018/06/04 4:0 p.m. | 49 views

CVE-2016-10692

CVE-2016-10692 concerns the haxeshim Haxe shim. Multiple connected sources confirm the affected component is haxeshim, which downloads resources over HTTP. The underlying vulnerability is exposure to man-in-the-middle (MITM) attacks, enabling an attacker on the network to swap requested resources...

CVSS 9.3 | AI score 8.3 | EPSS 0.02733
Exploits 0 | References 1 | Affected Software 1

Cvelist | added 2018/06/04 4:0 p.m. | 19 views

CVE-2016-10639

redis-srvr is an npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the networ...

AI score 8.3 | EPSS 0.01752
Exploits 0 | References 1

Cvelist | added 2018/06/04 4:0 p.m. | 16 views

CVE-2016-10642

cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or...

AI score 8.3 | EPSS 0.02104
Exploits 0 | References 1

Cvelist | added 2018/06/04 4:0 p.m. | 20 views

CVE-2016-10676

rs-brightcove is a wrapper around brightcove's web API. rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacke...

AI score 8.3 | EPSS 0.01752
Exploits 0 | References 1

Cvelist | added 2018/06/04 4:0 p.m. | 24 views

CVE-2016-10667

selenium-portal is a Selenium Testing Framework. selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is on th...

AI score 8.3 | EPSS 0.01752
Exploits 0 | References 1

CVE | added 2018/06/04 4:0 p.m. | 58 views

CVE-2016-10637

CVE-2016-10637 affects haxe-dev, a cross-platform toolkit. The vulnerability arises when haxe-dev downloads binary resources over HTTP, allowing a network-adjacent attacker to perform a MITM and swap the requested binary with an attacker-controlled one, potentially leading to remote code executio...

CVSS 9.3 | AI score 8.2 | EPSS 0.01752
Exploits 0 | References 1 | Affected Software 1

CVE | added 2018/06/04 4:0 p.m. | 53 views

CVE-2016-10656

The provided documents confirm that qbs vulnerably downloads binary resources over HTTP, enabling a potential MITM attacker on the network to swap the requested binary with a malicious one and possibly execute code on the host. The risk is described as remote code execution under network-position...

CVSS 9.3 | AI score 8.3 | EPSS 0.01682
Exploits 0 | References 1 | Affected Software 1

Cvelist | added 2018/06/04 4:0 p.m. | 26 views

CVE-2016-10671

mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker-controlled copy if the attacker is ...

AI score 8.3 | EPSS 0.01682
Exploits 0 | References 1

CVE | added 2018/06/04 4:0 p.m. | 49 views

CVE-2016-10638

The CVE-2016-10638 issue affects the JavaScript frontend js-given, which downloads binary resources over HTTP. The root cause is insecure (unencrypted) HTTP delivery, enabling a MitM attacker to intercept the response and substitute the requested binary with a malicious one, potentially leading t...

CVSS 9.3 | AI score 8.2 | EPSS 0.01682
Exploits 0 | References 1 | Affected Software 1

CVE | added 2018/06/04 4:0 p.m. | 41 views

CVE-2016-10643

CVE-2016-10643 affects jstestdriver, a wrapper for Google's jstestdriver. The vulnerability arises because it downloads binary resources over HTTP, enabling a MitM attacker on the network to swap the binary with a malicious one and potentially achieve remote code execution. Affected versions are ...

CVSS 9.3 | AI score 8.3 | EPSS 0.01682
Exploits 0 | References 1 | Affected Software 1

CVE | added 2018/06/04 4:0 p.m. | 49 views

CVE-2016-10642

The CVE-2016-10642 entry corresponds to cmake downloading binary resources over HTTP, enabling MITM and potential remote code execution if an attacker is on the network. Connected sources (GHSA-4J59-HFW6-6W7H and OSV) confirm that affected cmake versions insecurely fetch executables via unencrypt...

CVSS 9.3 | AI score 8.3 | EPSS 0.02104
Exploits 0 | References 1 | Affected Software 1

CVE | added 2018/06/04 4:0 p.m. | 54 views

CVE-2016-10647

The CVE-2016-10647 issue affects node-air-sdk, an AIR SDK for Node.js, which downloads binary resources over HTTP. This creates a MITM risk that could allow an attacker in a privileged network position to replace the requested binary with a malicious one, potentially leading to remote code execut...

CVSS 9.3 | AI score 8.3 | EPSS 0.01752
Exploits 0 | References 1 | Affected Software 1

CVE | added 2018/06/04 4:0 p.m. | 60 views

CVE-2016-10644

CVE-2016-10644 relates to the npm wrapper slimerjs-edge, which downloads binary resources over HTTP. The core vulnerability is a MITM risk: an attacker on the network could intercept the HTTP response and substitute the requested binary with a malicious one, potentially enabling remote code exec...

CVSS 9.3 | AI score 8.3 | EPSS 0.01752
Exploits 0 | References 1 | Affected Software 1

CVE | added 2018/06/04 4:0 p.m. | 49 views

CVE-2016-10687

CVE-2016-10687 affects the windows-selenium-chromedriver module, which downloads binary resources over HTTP. This enables MITM attackers with network access to swap resources, potentially leading to remote code execution on the affected system. No patch is provided in the linked advisories; remed...

CVSS 9.3 | AI score 8.2 | EPSS 0.01752
Exploits 0 | References 1 | Affected Software 1

CVE | added 2018/06/04 4:0 p.m. | 59 views

CVE-2016-10646

CVE-2016-10646 affects the Node wrapper resourcehacker, which downloads binary resources over HTTP. The underlying issue is insecure HTTP delivery, enabling MITM attackers to intercept the response and replace the requested binary with attacker-controlled code, potentially leading to remote code ...

CVSS 9.3 | AI score 8.2 | EPSS 0.01682
Exploits 0 | References 1 | Affected Software 1