CVE-2016-10638

The CVE-2016-10638 issue affects the JavaScript frontend js-given, which downloads binary resources over HTTP. The root cause is insecure (unencrypted) HTTP delivery, enabling a MitM attacker to intercept the response and substitute the requested binary with a malicious one, potentially leading t...

CVE-2016-10671

The CVE-2016-10671 issue affects the mystem-wrapper; the wrapper downloads binary resources over HTTP, exposing it to MITM attacks. A malicious actor on the network could swap the requested resources with a attacker-controlled copy, potentially enabling remote code execution on the host running m...

CVE-2016-10671

mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is ...

CVE-2016-10691

CVE-2016-10691 affects the windows-seleniumjar package, which downloads the Selenium Jar over HTTP. The underlying issue is insecure binary/resource retrieval that can be intercepted in a privileged network position, enabling an attacker to swap the downloaded binary and potentially achieve remot...

CVE-2016-10693

pm2-kafka is a PM2 module that downloads binaries over HTTP, making it vulnerable to MITM. An attacker with a privileged network position can intercept and replace the requested binary, potentially achieving remote code execution on the host running pm2-kafka. Various sources (NVD, CVE records, G...

CVE-2016-10655

The CVE-2016-10655 issue affects the clang-extra component of LLVM/clang-extra, where the tool downloads binary resources over HTTP. This enables a man-in-the-middle scenario if an attacker can position themselves on the network, potentially replacing downloaded resources with malicious ones and ...

CVE-2016-10667

selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on th...

Man-in-the-Middle (MitM)

scalajs-standalone-bin is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker i...

Man-in-the-Middle (MitM)

jvminstall is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

Man-in-the-Middle (MitM)

selenium-wrapper is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on t...

Man-in-the-Middle (MitM)

selenium-chromedriver is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is...

Man In The Middle (MitM)

node-browser is vulnerable to man-in-the-middle MitM attacks via downloading resources over HTTP. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and...

Man-in-the-Middle (MitM)

curses is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network...

Man-in-the-Middle (MitM)

dalek-browser-ie-canary is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker ...

Man-in-the-Middle (MitM)

robot-js is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the netwo...

Man-in-the-Middle (MitM)

dalek-browser-ie is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on t...

Man In The Middle (MitM)

arrayfire-js is vulnerable to man-in-the-middle MitM attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

Man-in-the-Middle (MitM)

chromedriver126 is vulnerable to man-in-the-middle MitM attack. This is possible because it does not prevent downloading of executables via HTTP if the attacker is on the network or positioned in between the user and the remote server. Consequently, it may potentially cause remote code execution...

Man-in-the-Middle (MitM)

bionode-sra is vulnerable to man-in-the-middle MitM attack. This is possible because it does not prevent downloading of executables via HTTP if the attacker is on the network or positioned in between the user and the remote server. Consequently, it may potentially cause remote code execution RCE ...

Man-in-the-Middle (MitM)

jdf-sass is vulnerable to man-in-the-middle MitM attacks via downloading resources over HTTP. It may also be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and...