LiveActive security incident?Get immediate response
CVE archive

June 2016

Browse CVE records published in June 2016, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 826 matching CVEs · Page 2 of 17.

Unknown · CVSS Not scored

CVE-2016-10640: node-thulac is a node binding for thulac.

node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10645: grunt-images is a grunt plugin for processing images.

grunt-images is a grunt plugin for processing images. grunt-images downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10604: dalek-browser-chrome is Google Chrome bindings for DalekJS.

dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10646: resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor).

resourcehacker is a Node wrapper of Resource Hacker (windows executable resource editor). resourcehacker downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10612: dalek-browser-ie-canary is Internet Explorer bindings for DalekJS.

dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10675: libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources ov...

libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10575: Kindlegen is a simple Node.js wrapper of the official kindlegen program.

Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10656: qbs is a build tool that helps simplify the build process for developing projects across multiple platforms.

qbs is a build tool that helps simplify the build process for developing projects across multiple platforms. qbs downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10660: fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries.

fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10614: httpsync is a port of libcurl to node.js.

httpsync is a port of libcurl to node.js. httpsync downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10662: tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves...

tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10595: jdf-sass is a fork from node-sass, jdf use only.

jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10688: Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resourc...

Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

High · CVSS 7.1

CVE-2016-6555: OpenNMS Stored XSS via SNMP Trap Alerts

OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016.

Published Jun 15, 2022 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10637: haxe-dev is a cross-platform toolkit.

haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10676: rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over H...

rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10580: nodewebkit is an installer for node-webkit.

nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10576: Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which...

Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10639: redis-srvr is a npm wrapper for redis-server.

redis-srvr is a npm wrapper for redis-server. redis-srvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10606: grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit download...

grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10596: imageoptim is a Node.js wrapper for some images compression algorithms.

imageoptim is a Node.js wrapper for some images compression algorithms. imageoptim downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10642: cmake installs the cmake x86 linux binaries.

cmake installs the cmake x86 linux binaries. cmake downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10643: jstestdriver is a wrapper for Google's jstestdriver.

jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10626: mystem3 is a NodeJS wrapper for the Yandex MyStem 3.

mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10631: jvminstall is a module for downloading and unpacking jvm to local system.

jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10684: healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resour...

healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10608: robot-js is a module for native system automation for node.js.

robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10585: libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets.

libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10644: slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs.

slimerjs-edge is a npm wrapper for installing the bleeding edge version of slimerjs. slimerjs-edge downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10697: react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native.

react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10629: nw-with-arm is a NW Installer including ARM-Build.

nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10671: mystem-wrapper is a Yandex mystem app wrapper module.

mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10624: selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium...

selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10694: alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows.

alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10687: windows-selenium-chromedriver is a module that downloads the Selenium Jar file.

windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10653: xd-testing is a testing library for cross-device (XD) web applications.

xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10588: nw is an installer for nw.js.

nw is an installer for nw.js. nw downloads zipped resources over HTTP, It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10623: macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver.

macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10668: libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which l...

libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10607: openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer.

openframe-glsviewer is a Openframe extension which adds support for shaders via glslViewer. openframe-glsviewer downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2016-10633: dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG.

dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 16, 2024