Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-10649

Summary
Assigner-hackerone
Assigner Org ID-36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At-04 Jun, 2018 | 16:00
Updated At-16 Sep, 2024 | 18:23
Rejected At-
Credits

frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hackerone
Assigner Org ID:36234546-b8fa-4601-9d6f-f4e334aa8ea1
Published At:04 Jun, 2018 | 16:00
Updated At:16 Sep, 2024 | 18:23
Rejected At:
▼CVE Numbering Authority (CNA)

frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Affected Products
Vendor
HackerOneHackerOne
Product
frames-compiler node module
Versions
Affected
  • All versions
Problem Types
TypeCWE IDDescription
CWECWE-311Missing Encryption of Sensitive Data (CWE-311)
Type: CWE
CWE ID: CWE-311
Description: Missing Encryption of Sensitive Data (CWE-311)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nodesecurity.io/advisories/247
x_refsource_MISC
Hyperlink: https://nodesecurity.io/advisories/247
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nodesecurity.io/advisories/247
x_refsource_MISC
x_transferred
Hyperlink: https://nodesecurity.io/advisories/247
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:support@hackerone.com
Published At:04 Jun, 2018 | 16:29
Updated At:09 Oct, 2019 | 23:16

frames-compiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.1HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
frames-compiler_project
frames-compiler_project
>>frames-compiler>>-
cpe:2.3:a:frames-compiler_project:frames-compiler:-:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-310Primarynvd@nist.gov
CWE-311Secondarysupport@hackerone.com
CWE ID: CWE-310
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-311
Type: Secondary
Source: support@hackerone.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nodesecurity.io/advisories/247support@hackerone.com
Third Party Advisory
Hyperlink: https://nodesecurity.io/advisories/247
Source: support@hackerone.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

160Records found
CVE-2016-10637
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-haxeHackerOne
Product-haxe-devhaxe-dev node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10659
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-macchinaHackerOne
Product-pocopoco node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10639
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-redis-srvr_projectHackerOne
Product-redis-srvrredis-srvr node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10687
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 23:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-windows-selenium-chromedriver_projectHackerOne
Product-windows-selenium-chromedriverwindows-selenium-chromedriver node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10656
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-qbs_projectHackerOne
Product-qbsqbs node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10662
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-tomita_projectHackerOne
Product-tomitatomita node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10629
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 23:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-nw-with-arm_projectHackerOne
Product-nw-with-armnw-with-arm node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10559
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-grouponHackerOne
Product-selenium-downloadselenium-download node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10590
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-cue-sdk-node_projectHackerOne
Product-cue-sdk-nodecue-sdk-node node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10577
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-1.13% / 77.49%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-HackerOneIBM Corporation
Product-ibm_dbibm_db node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10653
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.81%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-xd-testing_projectHackerOne
Product-xd-testingxd-testing node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10648
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-marionette-socket-host_projectHackerOne
Product-marionette-socket-hostmarionette-socket-host node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10626
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-mystem3_projectHackerOne
Product-mystem3mystem3 node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10594
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.97%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Action-Not Available
Vendor-ipip_projectHackerOne
Product-ipipipip node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10576
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-fuseki_projectHackerOne
Product-fusekifuseki node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10568
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.97%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Action-Not Available
Vendor-geoip-lite-country_projectHackerOne
Product-geoip-lite-countrygeoip-lite-country node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10618
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.97%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

Action-Not Available
Vendor-node-browser_projectHackerOne
Product-node-browsernode-browser node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10616
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.97%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

openframe-image is an Openframe extension which adds support for images via fbi. openframe-image downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Action-Not Available
Vendor-openframe-image_projectHackerOne
Product-openframe-imageopenframe-image node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10696
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 19:00
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-windows-latestchromedriver_projectHackerOne
Product-windows-latestchromedriverwindows-latestchromedriver node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10657
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-co-cli-installer_projectHackerOne
Product-co-cli-installerco-cli-installer node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10580
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.81%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-nodewebkit_projectHackerOne
Product-nodewebkitnodewebkit node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10675
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-libsbmlsim_projectHackerOne
Product-libsbmlsimlibsbmlsim node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10617
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-box2d-native_projectHackerOne
Product-box2d-nativebox2d-native node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10574
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-apk-parser3_projectHackerOne
Product-apk-parser3apk-parser3 node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10645
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-grunt-images_projectHackerOne
Product-grunt-imagesgrunt-images node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10698
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-mystem-fix_projectHackerOne
Product-mystem-fixmystem-fix node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10669
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-soci_projectHackerOne
Product-socisoci node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10679
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-selenium-standalone-painful_projectHackerOne
Product-selenium-standalone-painfulselenium-standalone-painful node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10651
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.81%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 21:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver-launcher downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-webdriver-launcher_projectHackerOne
Product-webdriver-launcherwebdriver-launcher node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10634
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-scalajs-standalone-bin_projectHackerOne
Product-scalajs-standalone-binscalajs-standalone-bin node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10678
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-serc.js_projectHackerOne
Product-serc.jsserc.js node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10633
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.81%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-dwebp-bin_projectHackerOne
Product-dwebp-bindwebp-bin node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10632
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-apk-parser2_projectHackerOne
Product-apk-parser2apk-parser2 node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10567
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-16 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-product-monitor_projectHackerOne
Product-product-monitorproduct-monitor node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10688
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 01:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-haxeHackerOne
Product-haxehaxe3 node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10607
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-openframe-glslviewer_projectHackerOne
Product-openframe-glslvieweropenframe-glslviewer node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10565
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.81% / 73.24%
||
7 Day CHG~0.00%
Published-31 May, 2018 | 20:00
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-cnpmjsHackerOne
Product-operadriveroperadriver node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10592
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.97%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

Action-Not Available
Vendor-jser-stat_projectHackerOne
Product-jser-statjser-stat node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10579
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.81% / 73.24%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver before 2.26.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-chromedriver_projectHackerOne
Product-chromedriverchromedriver node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10693
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-pm2-kafka_projectHackerOne
Product-pm2-kafkapm2-kafka node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10622
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-nodeschnaps_projectHackerOne
Product-nodeschnapsnodeschnaps node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10615
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-curses_projectHackerOne
Product-cursescurses node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10631
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-jvminstall_projectHackerOne
Product-jvminstalljvminstall node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10601
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.81%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-17 Sep, 2024 | 04:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-uxebuHackerOne
Product-webdrvrwebdrvr node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10600
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.55% / 66.81%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-webrtcHackerOne
Product-webrtc-nativewebrtc-native node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10585
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-17 Sep, 2024 | 00:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-libxl_projectHackerOne
Product-libxllibxl node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10673
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.17% / 38.97%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application.

Action-Not Available
Vendor-ipipHackerOne
Product-ipip-coffeeipip-coffee node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10609
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-chromedriver126_projectHackerOneLinux Kernel Organization, Inc
Product-chromedriver126linux_kernelchromedriver126 node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10599
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-01 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-node-sauce-connect_projectHackerOne
Product-node-sauce-connectsauce-connect node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
CVE-2016-10670
Matching Score-10
Assigner-HackerOne
ShareView Details
Matching Score-10
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.77% / 72.66%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Action-Not Available
Vendor-windows-seleniumjar-mirror_projectHackerOne
Product-windows-seleniumjar-mirrorwindows-seleniumjar-mirror node module
CWE ID-CWE-311
Missing Encryption of Sensitive Data
CWE ID-CWE-310
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found