Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-10596

Summary
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At-01 Jun, 2018 | 18:00
Updated At-17 Sep, 2024 | 00:40
Rejected At-
Credits

imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hackerone
Assigner Org ID:36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At:01 Jun, 2018 | 18:00
Updated At:17 Sep, 2024 | 00:40
Rejected At:
▼CVE Numbering Authority (CNA)

imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.

Affected Products
Vendor
HackerOneHackerOne
Product
imageoptim node module
Versions
Affected
  • All versions
Problem Types
TypeCWE IDDescription
CWECWE-311Missing Encryption of Sensitive Data (CWE-311)
Type: CWE
CWE ID: CWE-311
Description: Missing Encryption of Sensitive Data (CWE-311)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nodesecurity.io/advisories/194
x_refsource_MISC
Hyperlink: https://nodesecurity.io/advisories/194
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nodesecurity.io/advisories/194
x_refsource_MISC
x_transferred
Hyperlink: https://nodesecurity.io/advisories/194
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:support@hackerone.com
Published At:01 Jun, 2018 | 18:29
Updated At:09 Oct, 2019 | 23:16

imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.1HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
imageoptim_project
imageoptim_project
>>imageoptim>>Versions up to 0.5.0(inclusive)
cpe:2.3:a:imageoptim_project:imageoptim:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-310Primarynvd@nist.gov
CWE-311Secondarysupport@hackerone.com
CWE ID: CWE-310
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-311
Type: Secondary
Source: support@hackerone.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nodesecurity.io/advisories/194support@hackerone.com
Third Party Advisory
Hyperlink: https://nodesecurity.io/advisories/194
Source: support@hackerone.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

171Records found
CVE-2016-10698
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-mystem-fix_projectHackerOne
Product-mystem-fixmystem-fix node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10637
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-haxeHackerOne
Product-haxe-devhaxe-dev node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10634
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-scalajs-standalone-bin_projectHackerOne
Product-scalajs-standalone-binscalajs-standalone-bin node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10585
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-libxl_projectHackerOne
Product-libxllibxl node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10683
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-hujiangHackerOne
Product-arcanistarcanist node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10584
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.82%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-dalekjsHackerOne
Product-dalekjsdalek-browser-chrome-canary node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10600
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.82%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-webrtcHackerOne
Product-webrtc-nativewebrtc-native node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10651
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-webdriver-launcher_projectHackerOne
Product-webdriver-launcherwebdriver-launcher node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10563
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.14% / 35.29%
||
7 Day CHG~0.00%
Published-31 May, 2018 | 20:00
Updated-16 Sep, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During the installation process, the go-ipfs-deps module before 0.4.4 insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.

Action-Not Available
Vendor-ipfsHackerOne
Product-go-ipfs-depgo-ipfs-dep node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10604
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.82%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-dalekjsHackerOne
Product-dalekjsdalek-browser-chrome node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10648
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-marionette-socket-host_projectHackerOne
Product-marionette-socket-hostmarionette-socket-host node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10602
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-haxeHackerOne
Product-haxehaxe node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10670
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-windows-seleniumjar-mirror_projectHackerOne
Product-windows-seleniumjar-mirrorwindows-seleniumjar-mirror node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10659
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-macchinaHackerOne
Product-pocopoco node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10558
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-Aerospike Inc.HackerOne
Product-aerospikeaerospike node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10650
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-shutterstockHackerOne
Product-ntfserverntfserver node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10586
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-macacajsHackerOne
Product-macaca-chromedrivermacaca-chromedriver node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10676
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.82%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-rs-brightcove_projectHackerOne
Product-rs-brightcovers-brightcove node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10559
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-grouponHackerOne
Product-selenium-downloadselenium-download node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10631
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-jvminstall_projectHackerOne
Product-jvminstalljvminstall node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10645
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-grunt-images_projectHackerOne
Product-grunt-imagesgrunt-images node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10646
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-resourcehacker_projectHackerOne
Product-resourcehackerresourcehacker node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10564
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.81% / 73.21%
||
7 Day CHG~0.00%
Published-31 May, 2018 | 20:00
Updated-17 Sep, 2024 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-apk-parser_projectHackerOne
Product-apk-parserapk-parser node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10640
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-geoheyHackerOne
Product-node-thulacnode-thulac node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10593
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-1.54% / 80.65%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 22:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-interactivebrokersHackerOne
Product-ibapiibapi node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10644
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-slimerjs-edge_projectHackerOne
Product-slimerjs-edgeslimerjs-edge node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10664
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-mystem_projectHackerOne
Product-mystemmystem node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10619
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.99%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pennyworth is a natural language templating engine. pennyworth downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Action-Not Available
Vendor-pennyworth_projectHackerOne
Product-pennyworthpennyworth node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10669
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-soci_projectHackerOne
Product-socisoci node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10641
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.99%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 02:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

node-bsdiff-android downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

Action-Not Available
Vendor-node-bsdiff-android_projectHackerOne
Product-node-bsdiff-androidnode-bsdiff-android node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10687
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 23:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-windows-selenium-chromedriver_projectHackerOne
Product-windows-selenium-chromedriverwindows-selenium-chromedriver node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10599
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-node-sauce-connect_projectHackerOne
Product-node-sauce-connectsauce-connect node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10656
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-qbs_projectHackerOne
Product-qbsqbs node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10587
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.82%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-wasdk_projectHackerOne
Product-wasdkwasdk node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10657
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-co-cli-installer_projectHackerOne
Product-co-cli-installerco-cli-installer node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10603
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-air-sdk_projectHackerOne
Product-air-sdkair-sdk node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10588
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.91% / 74.86%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-nwjsHackerOne
Product-nwnw node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10649
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-frames-compiler_projectHackerOne
Product-frames-compilerframes-compiler node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10679
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-selenium-standalone-painful_projectHackerOne
Product-selenium-standalone-painfulselenium-standalone-painful node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10667
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-selenium-portal_projectHackerOne
Product-selenium-portalselenium-portal node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10689
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-windows-iedriver_projectHackerOne
Product-windows-iedriverwindows-iedriver node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10592
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.99%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Action-Not Available
Vendor-jser-stat_projectHackerOne
Product-jser-statjser-stat node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10573
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-baryton-saxophone_projectHackerOne
Product-baryton-saxophonebaryton-saxophone node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10627
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scala-bin is a binary wrapper for Scala. scala-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-scala-bin_projectHackerOne
Product-scala-binscala-bin node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10612
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.82%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-dalekjsHackerOne
Product-dalekjsdalek-browser-ie-canary node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10611
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-strider-sauce_projectHackerOne
Product-strider-saucestrider-sauce node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10617
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-box2d-native_projectHackerOne
Product-box2d-nativebox2d-native node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10579
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.81% / 73.21%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-chromedriver_projectHackerOne
Product-chromedriverchromedriver node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10673
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.99%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.

Action-Not Available
Vendor-ipipHackerOne
Product-ipip-coffeeipip-coffee node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10697
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.63%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 19:00
Updated-17 Sep, 2024 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-react-native-baidu-voice-synthesizer_projectHackerOne
Product-react-native-baidu-voice-synthesizerreact-native-baidu-voice-synthesizer node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found