CVE-2016-10698
Summary: The connected advisories confirm that mystem-fix downloads binaries over HTTP, creating a MITM risk that could allow remote code execution if an attacker intercepts the binary. The GHSA entry explicitly states that affected versions insecurely download executables over HTTP, enabling pot...
CVE-2016-10611
CVE-2016-10611 affects the strider-sauce package (Sauce Labs / Selenium support for Strider). The issue stems from downloading zipped resources over HTTP, enabling MITM manipulation; an attacker on the network could swap the requested zip with a malicious one to trigger remote code execution. Pub...
CVE-2016-10682
The CVE-2016-10682 issue affects massif, a PhantomJS fork, which downloads resources over HTTP. The underlying risk is a MITM could replace fetched resources with attacker-controlled binaries, potentially enabling remote code execution when the user retrieves those resources. Multiple sources des...
CVE-2016-10679
CVE-2016-10679 affects selenium-standalone-painful, where the tool downloads binaries over HTTP. This insecure download path enables a network-positioned attacker to MITM and swap the binary with a malicious copy, potentially achieving remote code execution on the host running selenium-standalone...
CVE-2016-10559
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the...
CVE-2016-10658
The CVE-2016-10658 entry concerns the native-opencv npm package, which downloads binary resources over HTTP. This insecure download path allows a network-positioned attacker to MITM and replace the requested binary with a malicious version, potentially leading to remote code execution on the host...
CVE-2016-10601
CVE-2016-10601 affects the npm package webdrvr (Selenium Webdriver wrapper). The vulnerability arises because webdrvr downloads binary resources over HTTP, enabling an attacker on the network path to perform a MITM and replace the requested binary with a malicious one, potentially leading to remo...
CVE-2016-10577
ibmdb is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibmdb before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
CVE-2016-10698
mystem-fix is a node.js wrapper for the MyStem morphology text analyzer by Yandex.ru. mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled...
CVE-2016-10586
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker...
CVE-2016-10589
selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if t...
CVE-2016-10573
CVE-2016-10573 affects the baryton-saxophone module (used to install/launch Selenium Server) and stems from downloading binary resources over HTTP before version 3.0.1. This enables a network-positioned (MitM) attacker to swap the downloaded binary with a malicious one, potentially leading to remot...
CVE-2017-16003
The CVE-2017-16003 entry affects the Windows tool Windows-build-tools (npm module for installing C++ Build Tools). Versions below 1.0.0 download resources over HTTP, which enables MITM interception of the downloaded executables. An attacker on the network could swap the requested resources with m...
CVE-2016-10591
CVE-2016-10591 affects Prince (Node API for executing PrinceXML via the prince(1) CLI). The vulnerability arises because Prince downloads zipped resources over HTTP, making it susceptible to Man-in-the-Middle attacks that could swap the requested tarball/executable with a malicious one. In networ...
CVE-2016-10681
The CVE-2016-10681 issue affects roslib-socketio. Affected code downloads binary resources over HTTP, enabling MITM interception and, in a network-positioned scenario, potential remote code execution by substituting the requested binary with a malicious one. Public advisories (GHSA-xq8r-r72r-pqwm...
CVE-2016-10659
The CVE affects the Poco libraries: it downloads source/executable resources over HTTP, enabling MITM interception and potential remote code execution if an attacker sits between the user and the remote server. Documented in multiple sources (GHSA-f757-9c4x-chff, NVD) with no patch available; re...
CVE-2016-10558
The vulnerability CVE-2016-10558 affects the Aerospike Node.js addon. Versions below 2.4.2 download binary resources over HTTP, allowing a privileged network attacker to perform a MITM and swap the binary, potentially leading to remote code execution on the host running aerospike. The issue is tr...
CVE-2016-10674
The CVE-2016-10674 entry concerns limbus-buildgen, a build system that downloads binary resources over HTTP when versions below 0.1.1 are used. This insecure HTTP fetch opens the process to MITM tampering, allowing an attacker to swap the requested resources and potentially execute code on the ho...
CVE-2016-10650
CVE-2016-10650 affects ntfserver (Network Testing Framework Server). The vulnerability arises because ntfserver downloads binary resources over HTTP, allowing a network-positioned attacker to perform a MITM and swap the requested binary with a malicious one, potentially leading to remote code exe...
CVE-2016-10666
CVE-2016-10666 affects the Node wrapper for Yandex Tomita Parser, tomita-parser, which downloads binary resources over HTTP. This creates a man-in-the-middle (MitM) risk: an attacker on the network can intercept the HTTP response and swap the executable with a malicious one, potentially leading t...