CVE-2016-10581

Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out th...

CVE-2016-10587

wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10596

imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested tarball with an attacker controlled tarball if t...

CVE-2016-10600

webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVE-2016-10602

haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...

CVE-2016-10605

The CVE-2016-10605 entry concerns the dalek-browser-ie bindings for DalekJS, which downloads binary resources over HTTP. This creates a MITM risk where an attacker on the network can intercept and replace the binary, potentially enabling remote code execution on the user’s system. Public advisori...

CVE-2016-10626

CVE-2016-10626 affects mystem3, a NodeJS wrapper for Yandex MyStem 3. The vulnerability arises because mystem3 downloads binary resources over HTTP, which enables a man‑in‑the‑middle (MitM) attacker to intercept the response and replace the binary with a malicious one. If the attacker sits betwee...

CVE-2016-10617

CVE-2016-10617 involves vulnerable box2d-native behavior where binary resources are downloaded over HTTP, enabling man-in-the-middle (MITM) tampering. The provided sources describe that an attacker with a privileged network position can intercept the response and replace the binary with a malicio...

CVE-2016-10633

CVE-2016-10633 affects dwebp-bin, a Node.js wrapper for dwebp that converts WebP to PNG. The vulnerability arises because it downloads binary resources over HTTP, enabling MITM tampering. An attacker on the network could swap the requested binary with a malicious one, potentially triggering remot...

CVE-2016-10609

The CVE-2016-10609 entry refers to chromedriver126 (Chromedriver 1.26 for Linux) that downloads binary resources over HTTP, creating a MITM risk. In adversarial network positions, an attacker could intercept the HTTP response and swap the binary with malware, potentially causing remote code execu...

CVE-2016-10579

Chromedriver (the NPM wrapper for selenium ChromeDriver) before version 2.26.1 downloads binary resources over HTTP, enabling MitM modification or interception of the downloaded binary. This can potentially lead to remote code execution if an attacker on the network swaps the binary with a malici...

CVE-2016-10608

CVE-2016-10608 affects the robot-js module used for native system automation in Node.js. The vulnerability arises because robot-js downloads binary resources over HTTP, enabling a MITM attacker in a privileged network position to intercept the response and replace the binary with a malicious one,...

CVE-2016-10602

CVE-2016-10602 affects the cross-platform toolkit haxe . The issue occurs because haxe downloads zipped resources over HTTP, exposing users to man-in-the-middle (MITM) attacks. An attacker on the network could swap the requested zip with a malicious one, potentially leading to remote code executi...

CVE-2016-10582

Closurecompiler (Node.js) is affected by a vulnerability where it downloads binary resources over HTTP, enabling MITM interference and potentially remote code execution if an attacker can replace the binary in transit. On the connected advisories, the issue is described for closurecompiler with t...

CVE-2016-10583

Affected software: closure-util / closure-utils. Issue: downloads binary resources over HTTP, enabling a man-in-the-middle (MitM) where an attacker in a privileged network position can intercept and replace the binary, potentially leading to remote code execution (RCE). Impact (as stated): code e...

CVE-2016-10576

The CVE-2016-10576 entry affects the Fuseki server wrapper and management API in Fuseki prior to 1.0.1. The issue arises because it downloads binary resources over HTTP, making it susceptible to MITM attacks. An attacker on the network or positioned between the user and the remote server could sw...

CVE-2016-10603

CVE-2016-10603 affects the npm package air-sdk (a wrapper for the Adobe AIR SDK). The vulnerability arises because air-sdk downloads binary resources over HTTP rather than HTTPS, enabling a man-in-the-middle (MITM) position to intercept the response and swap the requested binary with a malicious ...

CVE-2016-10614

The CVE-2016-10614 entry concerns httpsync, a Node.js port of libcurl. The vulnerability arises because httpsync downloads binary resources over HTTP, enabling MITM attackers to swap the downloaded binary with a malicious one and potentially trigger remote code execution if the attacker is on the...

CVE-2016-10604

dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the...

CVE-2016-10626

mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...