Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-10696 | windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 3:29:00 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10695 | The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 3:29:00 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2018-1600 | IBM BigFix Platform 9.2 and 9.5 transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors. IBM X-Force ID: 143745. Published: June 04, 2018; 1:29:00 PM -0400 | V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-11715 | The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. Published: June 04, 2018; 1:29:00 PM -0400 | V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-1748 | IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 135521. Published: June 04, 2018; 1:29:00 PM -0400 | V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2016-10694 | alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10693 | pm2-kafka is a PM2 module that installs and runs a kafka server. pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10692 | haxeshim is a haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10691 | windows-seleniumjar is a module that downloads the Selenium Jar file. windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10690 | openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.1: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10689 | The windows-iedriver module downloads a fixed version of iedriverserver.exe. windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10688 | Haxe 3: The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm). haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.1: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10687 | windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10686 | fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10685 | pk-app-wonderbox is an integration with wonderbox. pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10684 | healthcenter - IBM Monitoring and Diagnostic Tools health Center agent. healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10683 | arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10678 | serc.js is a Selenium RC process wrapper. serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10677 | google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools. google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2016-10676 | rs-brightcove is a wrapper around brightcove's web api. rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. Published: June 04, 2018; 12:29:02 PM -0400 | V3.0: 8.1 HIGH V2.0: 9.3 HIGH |