CVE-2016-10634
CVE-2016-10634 affects the scalajs-standalone-bin Binary wrapper for ScalaJS. The issue: the component downloads binary resources over HTTP, enabling MITM interception; an attacker on the network could swap the requested binary with a malicious one, potentially causing remote code execution on th...
CVE-2016-10623
CVE-2016-10623 affects the Node.js wrapper macaca-chromedriver-zxa. The component downloads binary resources over HTTP, creating a MITM risk where an attacker on the network could replace the binary and cause remote code execution. Mitigation from advisories: force HTTPS by setting CHROMEDRIVER_C...
CVE-2016-10587
The CVE-2016-10587 issue affects the wasdk toolkit for creating WebAssembly modules, where binary resources are downloaded over unencrypted HTTP. This plaintext transmission enables a man-in-the-middle to swap the requested binary with a malicious one, potentially causing remote code execution on...
CVE-2016-10575
CVE-2016-10575 affects the kindlegen Node.js wrapper. Versions before 1.1.0 download binary resources over HTTP, which makes them vulnerable to man-in-the-middle attacks. An attacker on the network or between the user and the remote server could swap the requested binary with a malicious one, pot...
CVE-2016-10633
dwebp-bin is a dwebp node.js wrapper that converts WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacke...
CVE-2016-10607
openframe-glsviewer is an Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an...
CVE-2016-10608
robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker i...
CVE-2016-10583
closure-utils is a set of utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the...
CVE-2016-10634
scala-standalone-bin is a binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacke...
CVE-2016-10624
selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome. selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary wit...
CVE-2016-10614
httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or...
CVE-2016-10623
macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
CVE-2016-10603
air-sdk is an NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network...
CVE-2016-10622
nodeschnaps is a NodeJS compatibility layer for Java Rhino. nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker i...
CVE-2016-10588
CVE-2016-10588 affects the nw installer for nw.js. The install process downloads zipped resources over HTTP, enabling a network-positioned attacker to swap the requested zip with a malicious binary, potentially causing remote code execution on the user’s system. The issue is corroborated by multi...
CVE-2016-10625
CVE-2016-10625 affects headless-browser-lite, a minimal npm installer for phantomjs/slimerjs. The vulnerability arises from downloading binary resources over HTTP, enabling an attacker on the network to perform a MITM swap of the requested binary, potentially leading to remote code execution on t...
CVE-2016-10598
CVE-2016-10598 affects the Node.js module arrayfire-js. The vulnerability arises because it downloads binary resources over HTTP, enabling MitM interception. If an attacker on the network can swap the requested binary with a malicious one, remote code execution (RCE) may be possible on the host ...
CVE-2016-10607
Openframe-glslviewer is vulnerable because it downloads binary resources over HTTP, which enables MitM attacks. If an attacker is on the network path, they could replace the requested binary with a malicious one, potentially causing remote code execution on the host running openframe-glslviewer. ...
CVE-2016-10596
The CVE-2016-10596 entry concerns imageoptim, a Node.js wrapper for image compression algorithms. The vulnerability arises because it downloads zipped resources over HTTP, enabling MITM attacks. A remote code execution (RCE) could be possible if an attacker swaps the tarball with a malicious one ...
CVE-2016-10629
The CVE-2016-10629 entry corresponds to nw-with-arm (NW Installer including ARM-Build), which insecurely downloads resources over HTTP. The root cause is unencrypted HTTP retrieval of executables, enabling an attacker with a privileged network position to intercept and replace the binary, potenti...