CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3101 CVE-2016-10623 310 Exec Code 2018-06-01 2018-07-09
9.3
None Remote Medium Not required Complete Complete Complete
macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3102 CVE-2016-10622 310 Exec Code 2018-06-01 2018-07-09
9.3
None Remote Medium Not required Complete Complete Complete
nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3103 CVE-2016-10621 310 Exec Code 2018-06-01 2018-07-09
9.3
None Remote Medium Not required Complete Complete Complete
fibjs is a runtime for javascript applictions built on google v8 JS. fibjs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3104 CVE-2016-10620 310 Exec Code 2018-06-01 2018-07-09
9.3
None Remote Medium Not required Complete Complete Complete
atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3105 CVE-2016-10617 310 Exec Code 2018-06-01 2018-07-09
9.3
None Remote Medium Not required Complete Complete Complete
box2d-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3106 CVE-2016-10615 310 Exec Code 2018-06-01 2018-07-09
9.3
None Remote Medium Not required Complete Complete Complete
curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3107 CVE-2016-10614 310 Exec Code 2018-06-01 2018-07-09
9.3
None Remote Medium Not required Complete Complete Complete
httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3108 CVE-2016-10612 310 Exec Code 2018-06-01 2018-07-05
9.3
None Remote Medium Not required Complete Complete Complete
dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3109 CVE-2016-10611 310 Exec Code 2018-05-29 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
strider-sauce is Sauce Labs / Selenium support for Strider. strider-sauce downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
3110 CVE-2016-10609 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
chromedriver126 is chromedriver version 1.26 for linux OS. chromedriver126 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3111 CVE-2016-10608 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3112 CVE-2016-10607 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3113 CVE-2016-10606 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3114 CVE-2016-10605 310 Exec Code 2018-06-01 2018-07-05
9.3
None Remote Medium Not required Complete Complete Complete
dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3115 CVE-2016-10604 310 Exec Code 2018-06-01 2018-07-03
9.3
None Remote Medium Not required Complete Complete Complete
dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3116 CVE-2016-10603 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3117 CVE-2016-10602 310 Exec Code 2018-06-01 2018-07-09
9.3
None Remote Medium Not required Complete Complete Complete
haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
3118 CVE-2016-10601 310 Exec Code 2018-05-29 2018-07-05
9.3
None Remote Medium Not required Complete Complete Complete
webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3119 CVE-2016-10600 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
webrtc-native uses WebRTC from chromium project. webrtc-native downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3120 CVE-2016-10599 310 Exec Code 2018-06-01 2018-12-14
9.3
None Remote Medium Not required Complete Complete Complete
sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3121 CVE-2016-10595 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server.
3122 CVE-2016-10593 310 Exec Code 2018-05-29 2018-09-25
9.3
None Remote Medium Not required Complete Complete Complete
ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Before 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3123 CVE-2016-10591 310 Exec Code 2018-05-29 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.
3124 CVE-2016-10590 310 Exec Code 2018-05-29 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
3125 CVE-2016-10589 310 Exec Code 2018-05-29 2018-07-03
9.3
None Remote Medium Not required Complete Complete Complete
selenium-binaries downloads Selenium related binaries for your OS. selenium-binaries downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3126 CVE-2016-10588 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3127 CVE-2016-10587 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3128 CVE-2016-10586 310 Exec Code 2018-05-29 2018-07-03
9.3
None Remote Medium Not required Complete Complete Complete
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver before 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3129 CVE-2016-10585 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
3130 CVE-2016-10584 310 Exec Code 2018-05-29 2018-07-03
9.3
None Remote Medium Not required Complete Complete Complete
dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3131 CVE-2016-10583 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3132 CVE-2016-10582 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3133 CVE-2016-10581 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.
3134 CVE-2016-10580 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
3135 CVE-2016-10576 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3136 CVE-2016-10575 310 Exec Code 2018-06-01 2018-07-03
9.3
None Remote Medium Not required Complete Complete Complete
Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3137 CVE-2016-10574 310 Exec Code 2018-06-01 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3138 CVE-2016-10573 310 Exec Code 2018-05-29 2018-07-05
9.3
None Remote Medium Not required Complete Complete Complete
baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3139 CVE-2016-10572 310 Exec Code 2018-05-31 2018-07-05
9.3
None Remote Medium Not required Complete Complete Complete
mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3140 CVE-2016-10571 310 Exec Code 2018-05-31 2018-07-05
9.3
None Remote Medium Not required Complete Complete Complete
bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3141 CVE-2016-10570 310 Exec Code 2018-05-29 2018-07-05
9.3
None Remote Medium Not required Complete Complete Complete
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3142 CVE-2016-10569 310 Exec Code 2018-05-31 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.
3143 CVE-2016-10567 310 Exec Code 2018-05-29 2018-07-06
9.3
None Remote Medium Not required Complete Complete Complete
product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.
3144 CVE-2016-10566 310 Exec Code 2018-05-29 2018-07-03
9.3
None Remote Medium Not required Complete Complete Complete
install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3145 CVE-2016-10562 310 Exec Code 2018-05-31 2018-07-05
9.3
None Remote Medium Not required Complete Complete Complete
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3146 CVE-2016-10560 310 Exec Code 2018-05-31 2018-07-05
9.3
None Remote Medium Not required Complete Complete Complete
galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3147 CVE-2016-10559 310 Exec Code 2018-05-29 2018-07-05
9.3
None Remote Medium Not required Complete Complete Complete
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3148 CVE-2016-10558 310 Exec Code 2018-05-29 2018-07-03
9.3
None Remote Medium Not required Complete Complete Complete
aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3149 CVE-2016-10546 94 Exec Code 2018-05-31 2018-07-06
10.0
None Remote Low Not required Complete Complete Complete
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.
3150 CVE-2016-10532 287 Exec Code Bypass 2018-05-31 2018-07-20
10.0
None Remote Low Not required Complete Complete Complete
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.