11231 matches found
CVE-2016-10557
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary...
CVE-2016-10560
galenframework-cli is the Node wrapper for the Galen Framework. galenframework-cli versions below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled...
CVE-2016-10564
apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
CVE-2016-10569
The CVE-2016-10569 issue affects the embedza module prior to version 1.2.4, where JavaScript resources are downloaded over HTTP. This enables a man-in-the-middle scenario where an attacker on the network could swap the requested JavaScript with a malicious file, potentially leading to remote code...
CVE-2016-10565
CVE-2016-10565 affects operadriver (Opera Driver for Selenium). The vulnerability arises because operadriver versions below 0.2.3 download binary resources over HTTP, enabling potential MITM manipulation of the downloaded binary. The attacker could substitute the binary with a malicious one if po...
CVE-2016-10557
CVE-2016-10557 affects the Node.js wrapper library appium-chromedriver. Versions below 2.9.4 download binary resources over HTTP, creating susceptibility to man-in-the-middle (MITM) attacks. If an attacker in a privileged network position replaces the downloaded chromedriver binary, remote code ...
CVE-2016-10562
CVE-2016-10562 affects the npm wrapper for Selenium IEDriver, iedriver. The vulnerability arises because versions below 3.0.0 download binary resources over HTTP, enabling a network-level MITM attacker to swap the requested binary with a malicious one and potentially trigger remote code executio...
CVE-2016-10572
mongodb-instance before 0.0.3 installs MongoDB locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker ...
CVE-2016-10560
Galenframework-cli (node wrapper) below 2.3.1 downloads binaries over HTTP, enabling MITM and possible remote code execution if an attacker intercepts the binary. Remediation: upgrade to 2.3.1 or later.
CVE-2016-10571
bkjs-wand is ImageMagick wand support for Node.js and backendjs. bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controll...
CVE-2016-10571
CVE-2016-10571 affects bkjs-wand (ImageMagick wand support for Node.js/backendjs). Versions
CVE-2018-11220
CVE-2018-11220 affects Bitmain Antminer D3, L3+, and S9 devices. The vulnerability enables remote command execution through the device’s system restore/recovery functionality, allowing an attacker with or without authentication (depending on context) to trigger arbitrary commands on the device. C...
Man In The Middle (MitM)
cue-sdk-node is vulnerable to man-in-the-middle (MitM) attacks. This is because the libraries download zipped resources via HTTP, allowing MitM attacks. It may also cause remote code execution (RCE) by swapping out the requested zipped file with an attacker-controlled zipped file if the attacker is o...
Man-in-the-Middle (MitM)
massif is vulnerable to man-in-the-middle (MitM) attacks. This is because the application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is o...
Man-in-the-Middle (MitM)
roslib-socketio is vulnerable to man-in-the-middle (MitM) attacks. This is because the application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the...
Man-in-the-Middle (MitM)
limbus-buildgen is vulnerable to man-in-the-middle (MitM) attacks. This is because the application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the...
Man-in-the-Middle (MitM)
tomita-parser is vulnerable to man-in-the-middle (MitM) attacks. This is because the application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attack...
Man-in-the-Middle (MitM)
poco is vulnerable to man-in-the-middle (MitM) attacks. The application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or...
Man-in-the-Middle (MitM)
native-opencv is vulnerable to man-in-the-middle (MitM) attacks. The application downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the...