2182 matches found
CVE-2016-10634
scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacke...
CVE-2016-10575
CVE-2016-10575 affects the kindlegen Node.js wrapper. Versions before 1.1.0 download binary resources over HTTP, which makes them vulnerable to man‑in‑the‑middle attacks. An attacker on the network or between the user and the remote server could swap the requested binary with a malicious one, pot...
CVE-2016-10603
air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network...
CVE-2016-10623
CVE-2016-10623 affects the Node.js wrapper macaca-chromedriver-zxa. The component downloads binary resources over HTTP, creating a MITM risk where an attacker on the network could replace the binary and cause remote code execution. Mitigation from advisories: force HTTPS by setting CHROMEDRIVER_C...
CVE-2016-10628
CVE-2016-10628 affects selenium-wrapper, a Selenium server wrapper for installation and Chrome WebDriver. The issue arises because it downloads binary resources over HTTP, enabling a Man-in-the-Middle (MITM) attacker to intercept and potentially swap the binary with a malicious one, which could l...
CVE-2016-10618
node-browser is vulnerable to MITM because it downloads resources over HTTP, allowing an attacker on a privileged network to modify or read resources and potentially achieve remote code execution. The advisories note no patch is available and recommend avoiding the package or limiting use on publ...
CVE-2016-10560
galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled...
CVE-2016-10557
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...
Remote code execution
appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary...
Remote code execution
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if...
CVE-2016-10698
mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled...
CVE-2016-10666
tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker i...
CVE-2016-10590
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker i...
CVE-2016-10627
scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...
CVE-2016-10627
scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...
Remote code execution
scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...
CVE-2016-10666
tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker i...
CVE-2016-10627
The CVE-2016-10627 case involves scala-bin, a binary wrapper for Scala that downloads binaries over HTTP. The documented vulnerability is a MITM risk: an attacker on the network path could intercept the HTTP response and substitute a malicious binary, potentially enabling remote code execution on...
CVE-2016-10666
CVE-2016-10666 affects the Node wrapper for Yandex Tomita Parser, tomita-parser, which downloads binary resources over HTTP. This creates a man-in-the-middle (MitM) risk: an attacker on the network can intercept the HTTP response and swap the executable with a malicious one, potentially leading t...
CVE-2016-10590
CVE-2016-10590 affects the Node.js wrapper cue-sdk-node, which downloads zipped resources over HTTP. The underlying issue is insecure HTTP transfers that enable a MITM attacker to swap the requested zip with a malicious one, potentially enabling remote code execution on the host. The public advis...